spec-engine

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill does not contain instructions that attempt to override the agent's safety guidelines, extract system prompts, or bypass constraints. The instructions focus entirely on requirement engineering workflows.
  • [DATA_EXFILTRATION]: No network operations or exfiltration patterns were found. The metadata explicitly sets requires_network to false and limits tools to local file access.
  • [REMOTE_CODE_EXECUTION]: There are no patterns involving the download or execution of remote scripts or unverified packages.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest untrusted data from external sources like user tickets or research notes to generate specifications.
      • Ingestion points: User input, tickets, and research material defined in SKILL.md and metadata.json.
      • Boundary markers: The instructions do not define specific delimiters or "ignore embedded instructions" warnings for the input data.
      • Capability inventory: The skill uses write_file to produce artifacts and read_file to access its own rules and templates.
      • Sanitization: No explicit sanitization or filtering of external content is defined in the workflow.
  • [OBFUSCATION]: A manual and automated scan of all 15 files found no evidence of Base64 encoding, zero-width characters, homoglyphs, or hidden URL patterns.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 05:12 AM