The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes the Bash tool to create directory structures for new brands. To prevent command injection, the instructions include a strict validation rule requiring the brand name to consist only of lowercase alphanumeric characters and hyphens.
[DATA_EXFILTRATION]: While the skill collects business-sensitive information (competitors, business models, and personas), the data is stored exclusively in local files within the .design/ directory. The skill does not request or use network-enabled tools, ensuring data remains within the project environment.
[PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by ingesting untrusted user responses and writing them into Markdown files (BRIEF.md).
Ingestion points: User responses gathered via AskUserQuestion throughout the discovery process.
Boundary markers: Absent; the skill directly interpolates user answers into template sections.
Capability inventory: Bash (for directory creation) and Write (for file generation).
Sanitization: The brand name is validated for shell safety, but the descriptive content of the brand brief is stored without escaping, which is standard for documentation tools.

gsp-brand-brief