The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the local development environment.
Ingestion points: The skill reads project documentation from several subdirectories within .chalk/docs/ and executes Bash commands to retrieve git commit logs and metadata.
Boundary markers: There are no explicit delimiters or "ignore previous instructions" safety markers used when the agent interpolates the retrieved project context into its internal reasoning or output generation.
Capability inventory: The skill is granted access to powerful tools including Bash, Read, Write, Glob, and Grep. While these are intended for analysis and file generation, they could be misused if the agent follows instructions found within the project data.
Sanitization: The skill does not implement any sanitization, validation, or filtering of the content retrieved from git history or project documents before it is processed by the AI.

create-stakeholder-update