content-template-gateway
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill employs authoritative directives intended to override or bypass standard agent behavior. It uses language such as "MUST FOLLOW," "not negotiable," and "hard-refusal directive" to force the agent into a specific structured workflow and discourage improvisation.
- [PROMPT_INJECTION]: Indirect injection risk surface: The skill dynamically ingests untrusted content from external web sources through search and fetch operations to "forge" new templates. These generated templates are then re-inserted into the agent's context within a high-priority enforcement directive.
  - Ingestion points: External data enters the context via the built-in `WebSearch` and `WebFetch` tools, as well as the referenced `deep-research` skill.
  - Boundary markers: While the final output is delimited by ASCII borders, there are no instructions for sanitizing or isolating untrusted input during the research and forging phases to prevent embedded instructions from being followed by the agent.
  - Capability inventory: The skill possesses the ability to write files to the local `docs/templates/` directory and is designed to influence downstream operations involving sensitive tools such as `gh`, `jira`, and `git`.
  - Sanitization: No explicit sanitization or filtering of external content is defined; the skill relies on source-quality heuristics that may not prevent adversarial instructions hidden in reputable-looking content.
Audit Metadata