cy-create-techspec

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of ingesting and processing untrusted external data.
  • Ingestion points: The agent reads content from _prd.md files, existing Architecture Decision Records (ADRs) in the .compozy/tasks/ directory, and performs general codebase exploration to analyze architecture and dependencies.
  • Boundary markers: Absent. The instructions do not define specific delimiters or escaping mechanisms to separate the data found in files from the agent's internal instruction context.
  • Capability inventory: The skill is capable of directory creation, writing multiple ADR markdown files, and writing the final TechSpec file to the local file system.
  • Sanitization: Absent. There are no instructions to validate, sanitize, or filter the content retrieved from the PRDs or source code before it is interpolated into the design drafts.
  • Process Controls: The skill includes significant procedural mitigations, such as a mandatory '' requiring user approval of the final draft and an interactive review phase where the user must approve the approach before any files are saved.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 11:08 AM
Security Audit — agent-trust-hub — cy-create-techspec