skills/santosomar/general-secure-coding-agent-skills/traceability-matrix-generator/Gen Agent Trust Hub
traceability-matrix-generator
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is primarily educational and procedural, offering a framework for software audit and compliance tasks.
- [DATA_EXPOSURE]: The skill includes an example script that reads local files (e.g., spec.md and Python source files in src/ or tests/) to extract requirement IDs. This behavior is consistent with the stated purpose of a traceability generator and does not target sensitive system directories or credentials.
- [INDIRECT_PROMPT_INJECTION]: The skill describes a workflow that ingests data from external sources (requirements specifications and source code comments). While this presents a potential surface for indirect prompt injection if those files contain adversarial instructions, the provided logic uses standard regex and AST parsing rather than unsafe execution or unvalidated prompt interpolation. This is a low-risk inherent characteristic of document-processing skills.
- [COMMAND_EXECUTION]: The skill provides an illustrative Python script for matrix generation. This script uses safe, standard library modules (re, ast, pathlib) to perform static analysis and does not invoke external shell commands or arbitrary execution functions.