Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform filesystem operations and environment detection. Specifically, it executes mkdir -p to create nested directory structures for branding and project files, and it runs git branch --show-current to identify the current working branch for project state tracking.
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for Indirect Prompt Injection because it automatically processes untrusted data from the user's codebase.
      ◦ Ingestion points: In Step 1b, the skill spawns a background agent to scan the entire codebase and generate documentation in the .design/system/ directory. It also performs checks on package.json and existing files within .design/.
      ◦ Boundary markers: The instructions do not specify any delimiters or safety constraints to prevent the agent from obeying instructions that might be hidden inside the scanned codebase files (e.g., in code comments or README files).
      ◦ Capability inventory: The skill and its sub-agents have access to powerful tools including Read, Write, and Bash, which could be exploited if the agent is influenced by malicious content in the codebase.
      ◦ Sanitization: There is no explicit mechanism described to sanitize or filter the content of scanned files before they are processed by the agent logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 07:13 PM