create-experiment-design
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests potentially untrusted data from existing files and user arguments to perform file-writing operations.
  - Ingestion points: The agent reads product context, PRDs, and existing experiment documents from the '.chalk/docs/product/' directory (Steps 1 and 9) and parses user-provided hypothesis data via '$ARGUMENTS' (Step 2).
  - Boundary markers: The instructions do not define boundary markers (e.g., delimiters) or provide explicit warnings to the agent to ignore instructions that might be embedded within the documents it reads.
  - Capability inventory: The skill has the 'Write' tool permission, which it uses to create and save new markdown documentation in the project directory (Step 10).
  - Sanitization: There is no evidence of sanitization, validation, or escaping of the content retrieved from external files or provided in user arguments before it is processed or written.
Audit Metadata