requirement-doc-to-design

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its document processing workflow.
    * Ingestion points: The skill reads files from the docs/需求文档/*.md directory.
    * Boundary markers: There are no explicit delimiters or instructions to the agent to ignore potentially malicious content within the requirement documents.
    * Capability inventory: The agent has the ability to read source code, configuration files (e.g., ErrorCode.php, SysGlobalVarModel), create new markdown files in docs/设计文档/, and modify existing requirement documents.
    * Sanitization: No sanitization or validation of the input document content is performed before it is used to influence the generated output or file modifications.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 03:17 AM