eng-senior
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes task lists provided by a PM agent, which serves as a potential vector for indirect prompt injection if those tasks originate from untrusted external sources like GitHub issues or pull request descriptions.
  - Ingestion points: Processes task lists from the PM agent (referenced in Step 1).
  - Boundary markers: There are no delimiters or explicit instructions provided to the agent to treat this external task data as untrusted or to ignore instructions embedded within it.
  - Capability inventory: The agent has access to 'bash' for command execution, 'git' for repository management, and general 'File ops' for reading and writing project files.
  - Sanitization: No sanitization or validation logic is defined for the content of the ingested task lists.
- [COMMAND_EXECUTION]: The skill explicitly authorizes the agent to use the 'bash' tool for executing arbitrary commands, running tests, and reading logs. While necessary for a developer persona, these capabilities pose a security risk if the agent's behavior is influenced by malicious instructions via its input sources.
Audit Metadata