The Agent Skills Directory

[DATA_EXPOSURE]: The skill performs extensive reading of project documentation (docs/**/*.md), configuration files (docs/project-config.json), and source code (analyzing imports and API calls). While it only writes to internal paths (plans/reports/ and docs/project-reference/), this broad access to project structure and service mappings constitutes significant data exposure within the agent's context.
[INDIRECT_PROMPT_INJECTION]: The skill identifies and processes documentation patterns, templates, and conventions from various files across the repository. This ingestion of potentially untrusted data from the filesystem creates a surface for indirect prompt injection. If a file being scanned contains malicious instructions or specifically crafted text, it could influence the agent's output during the generation and verification phases. No explicit sanitization or boundary markers for this external data are mentioned in the instructions.

scan-feature-docs