execute-prd-task

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: A comprehensive analysis of the skill instructions and the tracking checklist was performed across all ten threat categories. No patterns related to obfuscation, credential theft, privilege escalation, or unauthorized network operations were detected. The skill workflow aligns with legitimate software engineering practices for task execution and repository maintenance.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because its core functionality requires reading and following instructions from external documentation.
      1. Ingestion points: The skill reads task specifications, technical specifications, task lists, and Architectural Decision Records (ADRs) from the PRD directory.
      2. Boundary markers: No specific delimiters or instructions are provided to the agent to help it distinguish between documentation content and embedded commands.
      3. Capability inventory: The agent has permissions to modify files in the repository, execute the verification skill, and create git commits.
      4. Sanitization: There is no evidence of validation or filtering applied to the content of the documents before they are processed by the agent.
    This risk is inherent to any agent-based tool that processes untrusted project data.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 05:09 PM