spec-driven-tdd
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use various command-line tools such as curl, httpie, websocat, and playwright-cli to perform end-to-end verification and demos. These are standard developer tools used appropriately within the TDD workflow.
- [EXTERNAL_DOWNLOADS]: The instructions involve the installation of common development dependencies and testing frameworks (e.g., vitest, pytest, jest) via standard package managers like npm and pip. These are well-known services and do not represent a security risk in this context.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests untrusted data from user requests and existing codebases. However, it mitigates this by requiring structured specifications, EARS notation for requirements, and clear boundary markers in its templates. The risk is considered low and inherent to the skill's primary function as a coding assistant.
- [REMOTE_CODE_EXECUTION]: The skill facilitates the generation and execution of code as part of the TDD loop (writing tests and implementation). This is the intended purpose of the skill and is governed by the agent's execution environment.
Audit Metadata