The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes shell commands that incorporate user-controlled variables, creating a risk of path traversal or command manipulation.
Evidence: Uses ls docs/09_SPEC/SPEC-{NN}_*/ to verify file existence, where {NN} is extracted directly from user-supplied strings.
Evidence: Executes python ai_dev_ssd_flow/scripts/update_traceability_matrix.py to synchronize project metadata.
[PROMPT_INJECTION]: The skill is subject to indirect prompt injection as its core logic involves reading and interpreting untrusted requirement documents.
Ingestion points: Reads content from REQ and CTR (requirement and contract) documents as part of Phase 1.
Boundary markers: The skill instructions do not specify the use of delimiters or 'ignore' prefixes for the data ingested from external files.
Capability inventory: The skill has the ability to read/write files, list directory contents, and execute local Python scripts.
Sanitization: No content validation or sanitization process is described for the text extracted from the requirement documents before it influences the agent's logic.

doc-spec-autopilot