Gen Agent Trust Hub audit: skills/jrollin/claudio/spec-impl

spec-impl

Status: Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is instructed to execute arbitrary shell commands defined in the 'Verify' field of 'tasks.md' files. The instructions explicitly state that the agent must run the exact command provided without substitution, which allows for the execution of potentially dangerous system commands if the input file is compromised.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by consuming and strictly following instructions from external specification files. Evidence chain:
    1. Ingestion points: 'requirements.md', 'design.md', and 'tasks.md' files.
    2. Boundary markers: The agent must restate the goal and verification command before execution, and it pauses for user review after task batches.
    3. Capability inventory: File creation/modification, arbitrary command execution via shell, and dependency installation.
    4. Sanitization: None; the skill is directed to follow the provided commands exactly.
  • [EXTERNAL_DOWNLOADS]: The workflow involves installing software dependencies from standard registries (e.g., using npm, pip, or cargo) if they are referenced in the design documentation. These operations are performed as part of the intended implementation process.
  • [REMOTE_CODE_EXECUTION]: By combining the ability to write code files and execute system commands to validate them, the skill provides a mechanism for code execution based on the contents of the specification files it processes.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 6, 2026, 02:01 PM