The Agent Skills Directory

[COMMAND_EXECUTION]: The skill incorporates a variable change name directly into shell commands, such as openspec status --change "<name>" --json, which can lead to command injection if the input is not sanitized.
[PROMPT_INJECTION]: The skill acts as an indirect prompt injection surface by processing external file content and CLI task lists. Ingestion points: Context files (like specs and design) and CLI task descriptions. Boundary markers: None identified. Capability inventory: The skill can modify the local file system and execute shell commands. Sanitization: No validation or sanitization is performed on the ingested content.

openspec-apply-change