The Agent Skills Directory

[PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it ingests untrusted user input (product ideas/requests) and interpolates it into documentation files. * Ingestion points: User-provided feature ideas, product requests, or protocol changes described in SKILL.md. * Boundary markers: Absent; there are no delimiters or specific instructions for the agent to ignore instructions embedded in the user's input. * Capability inventory: File-write operations to the docs/plans/ directory as specified in SKILL.md. No shell execution, network access, or dynamic code execution capabilities are present in the skill definition. * Sanitization: Absent; the instructions do not specify validation or escaping of user input before writing it to a specification file.
[NO_CODE]: The skill consists solely of natural language instructions and does not ship with any executable scripts, binaries, or configuration files that perform automated actions.

idea-to-spec