The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface when fetching external requirements to drive plan generation.
Ingestion points: workflows/new.md (Step 0.8) fetches content from external URLs including Linear issues, Notion pages, and GitHub/GitLab issues using MCP tools and CLI commands.
Boundary markers: Absent. The external content is stored as EXTERNAL_CONTEXT and directly presented to or processed by agents to determine implementation approaches.
Capability inventory: agents/spec-executor.md and related workflows utilize high-privilege capabilities including Bash (shell access), Write/Edit (file system modification), and sub-agent spawning.
Sanitization: Absent. There is no evidence of filtering or escaping instructions embedded within the fetched external requirement text.
[COMMAND_EXECUTION]: The skill performs extensive shell operations to manage the development environment.
Evidence: Workflows in workflows/ and agents in agents/ execute git, gh, glab, and npx commands for worktree management, pull request creation, and package execution.
Evidence: workflows/allow.md and workflows/new.md programmatically modify the platform configuration file (~/.claude/settings.json) to pre-approve tool permissions for background agents.
[EXTERNAL_DOWNLOADS]: The skill relies on external executable code downloaded at runtime.
Evidence: Multiple workflows (e.g., workflows/new.md, workflows/clean.md, workflows/refresh.md) execute npx @codevoyant/agent-kit. This package is a vendor-owned resource associated with the skill author ('cloudvoyant').

spec