The Agent Skills Directory

[SAFE]: The skill implements a robust "trust but verify" model for task execution. It uses specialized subagents for implementation and separate subagents for both specification compliance and code quality reviews. This architecture acts as a strong defense against logic errors or malicious instructions by ensuring that work is reviewed by independent agent instances before being finalized.\n- [DATA_EXFILTRATION]: There is no evidence of the skill accessing sensitive system files, cloud credentials (such as .aws, .ssh), or environment secrets. All operations appear to be local to the project workspace.\n- [COMMAND_EXECUTION]: Tool usage is confined to standard development activities, including file manipulation, testing, and git operations within isolated worktrees. The skill explicitly requires setting up an isolated workspace before starting, which is a key security measure for managing agent-led implementations.\n- [PROMPT_INJECTION]: While the skill processes task descriptions that could theoretically contain malicious instructions (indirect prompt injection), the risk is effectively mitigated by the mandatory two-stage review process. The spec-reviewer-prompt.md instructions require reviewers to "verify everything independently" and "do not trust the report," ensuring the final code adheres to the original specification regardless of any manipulation attempted in the implementer stage.\n- [EXTERNAL_DOWNLOADS]: The skill does not perform external network requests or download unverified packages or scripts. It relies on internal platform tools and local development context.

subagent-driven-development