Prompt Wizard
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by design. It collects free-text input from users—such as task descriptions, error messages, and content from external URLs—and interpolates this data into a structured prompt template intended for agent execution.
  - Ingestion points: Data enters the context via the AskUserQuestion tool during the interview flow in SKILL.md (specifically in the Context Gathering and Additional Materials steps).
  - Boundary markers: While the skill uses Markdown headers (e.g., ## Context, ## Requirements) in SKILL.md to structure the output, it lacks specific delimiters or system instructions to treat the interpolated user data as non-executable text.
  - Capability inventory: The skill itself is described as conversational and read-only in SKILL.md. However, the generated output is designed to drive subsequent agent tasks which may involve file system access or command execution.
  - Sanitization: SKILL.md includes instructions to reject path traversal characters (..) and shell metacharacters, which provides some protection, but does not prevent logic-based prompt injection within the text fields.
Audit Metadata