The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes untrusted user input as context for a multi-step workflow, creating a potential surface for indirect prompt injection. * Ingestion points: User prompt passed directly to /workflow-start in SKILL.md. * Boundary markers: Absent; no delimiters (e.g., XML tags or triple quotes) are used to isolate user input from the workflow instructions. * Capability inventory: The skill utilizes multiple internal workflow commands including /review-artifact, /quality-gate, /handoff, /plan, /plan-review, /plan-validate, and /workflow-end. * Sanitization: Absent; there is no specification for validation or escaping of the user-provided context.

workflow-ba-dev-handoff