The Agent Skills Directory

[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted external documents (like SDD or PRD files) to drive its orchestration logic and code generation. Malicious instructions embedded within these documents could potentially influence the agent's behavior during the build process.
Ingestion points: Reads specification files from paths provided by the user in the command argument (e.g., civicpulse/docs/SDD-v0.6.md).
Boundary markers: No specific delimiters or safety warnings to ignore instructions inside the ingested documents are defined in the instructions.
Capability inventory: Includes the ability to scaffold code, write to the filesystem, execute code via a testing harness (gan-evaluator), and perform git commits.
Sanitization: There is no evidence of sanitization or filtering applied to the content of the ingested documents.
[COMMAND_EXECUTION]: The skill implements an automated code generation and execution loop. It uses the gan-build tool to generate source code and then immediately executes that code using an evaluator (like Playwright or a code-only runner) to check against the specification. Executing dynamically generated code based on untrusted input documents is a potential execution risk, although the skill does include 'Gate' checkpoints for human approval.

orch-build-mvp