skills/juxt/allium/weed/Gen Agent Trust Hub

weed

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's functionality is strictly scoped to reading and writing project files (specs and code) and executing a local syntax checker (allium check). These operations are consistent with the documented purpose of reconciling specification drift.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes external, potentially untrusted data from the workspace.
    • Ingestion points: Reads contents from .allium specification files and implementation source code throughout the project directory (SKILL.md, lines 14, 17).
    • Boundary markers: Absent. There are no explicit instructions to the agent to treat file contents as strictly non-instructional data.
    • Capability inventory: Capability to read and modify local files, and execute shell commands (allium check, project tests).
    • Sanitization: Absent. The skill does not implement validation or escaping of the processed file content.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 04:58 PM