The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates external, untrusted content into its decision-making and file-writing process.
Ingestion points: User-provided plan argument in SKILL.md and existing project files (e.g., docs/*.md, CLAUDE.md).
Boundary markers: No explicit markers or warnings are used to distinguish user input from the skill's operational instructions.
Capability inventory: The skill allows the agent to create and update files within the docs/ directory.
Sanitization: No sanitization, escaping, or validation of the input content is performed before it is used to modify the project documentation.

domain