peach-gen-spec

Warn

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes 'whoami' and 'git config user.name' via the shell to retrieve the developer's identity for use in the generated specification file's path and metadata (SKILL.md).
  • [DATA_EXFILTRATION]: The skill accesses 'api/src/environments/env.local.yml' to parse the 'DATABASE_URL' and determine the database type (PostgreSQL vs MySQL), as instructed in the section '필수: DB 종류 판별' ("Required: determine the DB type"). This file is highly sensitive as it typically contains local or production credentials.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by ingesting and processing content from various source files (such as .vue, .ts, .mock.ts, and schemas) to construct new specifications.
      • Ingestion points: Reads files from PROTO_PATH, feature-docs, and schema paths (SKILL.md, Workflow Step 1).
      • Boundary markers: Absent; there are no instructions to the agent to treat imported content as untrusted or to ignore embedded instructions.
      • Capability inventory: The agent has the ability to write files to the local file system and execute shell commands.
      • Sanitization: Absent; ingested data is not validated or sanitized before being integrated into the generated specification.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 12, 2026, 12:12 PM