The Agent Skills Directory

[DATA_EXPOSURE_AND_EXFILTRATION]: The skill interacts with GitHub to create or bind Product Requirement issues. This involves using the GitHub API to manage project tracking. As GitHub is a well-known service used for project management, and the skill explicitly requires human confirmation for external mutations, this is considered standard functionality for its stated purpose.
[INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes external content (Product Requirement Documents).
Ingestion points: The skill reads prd.md and ledger.yml from the local repository and may read external GitHub issues.
Boundary markers: The instructions include explicit quality gates and a "Bounded Shared Understanding Gate" to validate requirements before committing changes.
Capability inventory: The skill has the capability to write to local files (prd.md, ledger.yml), move directories (_drafts), perform local git commits, and create/update GitHub issues.
Sanitization: The skill relies on specific handoff checklists and human approval (/gadd:approve) as a final gate before promotion, which mitigates the risk of unauthorized or malicious instruction execution through processed data.
[COMMAND_EXECUTION]: The skill mentions committing changes locally and promoting draft directories. These are standard version control and file system operations within a development workflow environment.

gadd-refine