The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes local scripts (spec-create-branch.ps1 and spec-create-branch.sh) to automate repository management tasks like branch creation and directory structure setup. The PowerShell execution utilizes the -ExecutionPolicy Bypass flag to ensure the local script can run on Windows environments.
[COMMAND_EXECUTION]: The provided scripts contain functions to delete the input source file after processing (e.g., using Remove-Item in PowerShell and rm in Bash). This behavior is documented in the SKILL.md as an intended side effect for managing temporary requirement files.
[PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by ingesting user-provided text and writing it to a file (raw.md) that is later consumed by the SDLC pipeline. Evidence: 1) Ingestion point: User input text or file path identified in SKILL.md. 2) Boundary markers: Absent in the output file. 3) Capability inventory: Git branch manipulation and file system deletion across all scripts. 4) Sanitization: Basic JSON escaping is performed on output metadata, but the requirement content itself is not sanitized for embedded instructions.

spec-init