speckit-run

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a standard development lifecycle workflow including phases for project constitution, specification, planning, and implementation.
  • [DATA_EXPOSURE]: The skill interacts with local project files such as .constitution.md and the .specs/ directory to store and manage workflow artifacts. This behavior is consistent with the stated purpose of a specification-driven development tool.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute workflow logic and project tests. The commands described are typical for development environments (e.g., running tests, generating reports).
  • [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes untrusted user input via $ARGUMENTS and reads external codebase content.
      • Ingestion points: User-provided feature requests in $ARGUMENTS and codebase analysis during Phase 2 (SKILL.md).
      • Boundary markers: Absent. The skill does not define specific delimiters to isolate untrusted input from agent instructions.
      • Capability inventory: The skill has access to powerful tools including Bash, Write, Edit, and Task (SKILL.md).
      • Sanitization: Absent. There is no mention of sanitizing or escaping the content processed during the workflow phases.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 09:18 AM