The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests data from local project files (e.g., README.md, package.json) and potentially scrapes user-provided website URLs to pre-fill context fields.
Ingestion points: SKILL.md (Mode 2: Auto-Detect) identifies files like README.md, package.json, and questionaire.md as sources of information.
Boundary markers: The skill includes a significant mitigation by requiring the agent to ask the user to confirm or correct all detected information before finalization.
Capability inventory: The skill performs local file reads, external network reads (scraping), and file writes within the project directory.
Sanitization: Output rules specify basic validation for hex color formats and URL protocols to ensure data integrity.
[EXTERNAL_DOWNLOADS]: The skill performs network operations to scrape content from external URLs provided by the user during the onboarding process. This behavior is a core component of the skill's intended functionality to assist with product information gathering and is supervised by the user.

iopho-product-context