The Agent Skills Directory

[SAFE]: The skill defines a process for the SPARC methodology's specification phase. Analysis shows no evidence of malicious intent, unauthorized network communication, or obfuscation.
[PROMPT_INJECTION]: The skill processes user-supplied feature descriptions through the $ARGUMENTS variable, which creates a surface for indirect prompt injection. This is a standard risk for requirements-gathering tools and is not indicative of malicious design.
Ingestion points: The $ARGUMENTS input is used in SKILL.md to initialize phase tracking and search for patterns.
Boundary markers: The instructions do not include specific delimiters or warnings to ignore embedded instructions within the user-provided content.
Capability inventory: The skill has access to Bash, Edit, and Read tools, as well as a suite of memory management tools (mcp__claude-flow__memory_*).
Sanitization: No explicit input validation or sanitization is defined for the feature description string.
[COMMAND_EXECUTION]: The skill requests access to the Bash tool to analyze the codebase for requirements gathering. This usage is appropriate for the skill's documented purpose.

sparc-spec