
cc-spec

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data from requirement (REQ) and architecture (ARCH) documents to drive technical design and implementation. This presents a surface for indirect prompt injection where instructions hidden in the documentation could manipulate the agent's output.
  • Ingestion points: cc-req output documents, cc-arch output documents, and local project files like impl-checklist.yaml and items.yaml.
  • Boundary markers: The skill does not explicitly define delimiters or specific "ignore embedded instructions" warnings when processing the body of REQ/ARCH documents.
  • Capability inventory: The skill can create and modify files in the wiki/features/ directory, write source code, and execute local scripts (validate-yaml, review-generate.mjs).
  • Sanitization: No specific sanitization or filtering of the input documentation content is mentioned before it is used to generate implementation plans.
  • [COMMAND_EXECUTION]: The workflow involves executing local scripts and tools during the implementation and review phases, such as validate-yaml and review-generate.mjs. While these appear to be internal project utilities, they represent the execution of code based on the current implementation state.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 02:44 PM