The Agent Skills Directory

[SAFE]: The skill performs routine software engineering tasks such as reading project documentation and generating implementation stories based on those documents.
[COMMAND_EXECUTION]: The skill utilizes the Task tool to invoke a secondary agent (qa-lead) for a quality assurance gate. This is a legitimate architectural pattern within the defined project workflow and does not involve arbitrary shell execution or untrusted command injection.
[INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it ingests content from project files (GDDs, ADRs, and manifests) to generate its output.
Ingestion points: SKILL.md reads from design/gdd/*.md, production/epics/*.md, and docs/architecture/*.md.
Boundary markers: No explicit delimiters are used to wrap the ingested content when passing it to the agent or the secondary qa-lead agent.
Capability inventory: The skill has Write access to the filesystem (to create stories) and the ability to spawn agents via the Task tool.
Sanitization: The skill mitigates risks through a mandatory human-in-the-loop review (AskUserQuestion in Step 5) where the user must approve the generated stories before they are written to disk.

create-stories