openspec-gateway

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill logic is implemented through a series of transparent bash scripts that operate on local files.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes external requirement data (JSON handoffs) and interpolates it into markdown templates.
    – Ingestion points: scripts/spec-from-handoff.sh and scripts/spec-from-input.sh read requirement fields like title and description.
    – Boundary markers: The skill relies on standard markdown headers and the structure of the JSON input but lacks explicit delimiters or instructions to ignore nested prompt commands within the requirement text.
    – Capability inventory: The skill uses shell execution for validation and write_file for creating the specifications.
    – Sanitization: Basic input validation is performed for the risk tier and file names, though the main requirement content is treated as literal text for the template.
  • [SAFE]: The skill includes a dedicated security policy script (scripts/policies/30-security-redactions.sh) that checks for common secret patterns like Bearer tokens and Azure DevOps Personal Access Tokens, reducing the risk of accidental data exposure.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 01:27 PM