openspec-propose

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the openspec CLI tool via shell commands to initialize changes, check status, and retrieve artifact instructions. Commands include openspec new change, openspec status, and openspec instructions.
  • [COMMAND_EXECUTION]: User-provided input is used to generate a change name. The skill instructs the agent to convert this input into a kebab-case format before execution, which serves as a sanitization step to mitigate potential command injection via the <name> argument.
  • [INDIRECT_PROMPT_INJECTION]: The skill reads and processes external data (context, rules, and instructions) returned by the openspec tool in JSON format. This constitutes an ingestion point for untrusted data.
      • Ingestion points: Data is ingested from the output of openspec instructions <artifact-id> --change "<name>" --json (SKILL.md, Step 4a).
      • Boundary markers: The skill contains explicit instructions to treat the ingested context and rules as constraints and specifically forbids copying them into the output files, reducing the likelihood of accidental execution of embedded instructions.
      • Capability inventory: The skill has the capability to execute shell commands (openspec) and write files to the local file system.
      • Sanitization: There is no explicit sanitization of the JSON content before processing, though the agent is directed to use it for context only.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 01:57 AM