The Agent Skills Directory

[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its artifact generation workflow. Ingestion points: User-supplied values provided via CLI arguments (e.g., --project, --feature, --title) to the scripts/qa_artifacts.mjs script. Boundary markers: The templates located in assets/templates/ lack delimiters or instructions directing the agent to ignore instructions embedded within the generated data fields. Capability inventory: The scripts/qa_artifacts.mjs script utilizes the fs.writeFileSync module to create and modify files on the local file system. Sanitization: The renderTemplate function in scripts/qa_artifacts.mjs uses a direct replaceAll method to insert user input into templates without performing any escaping, validation, or sanitization of the content.

qa-manual-istqb