prd-v01-user-value-articulation

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by ingesting and processing untrusted data from both local and remote sources.
    - Ingestion points: The agent context is populated with data from local project files (e.g., CFD-* entries, PRD.md) and external web content retrieved via research templates targeting sites like Reddit, G2, and Capterra.
    - Boundary markers: The instructions do not provide explicit delimiters or "ignore embedded instructions" warnings for the agent when reading from these untrusted sources.
    - Capability inventory: The skill is configured with powerful capabilities including Read, Write, Edit, WebSearch, and WebFetch, which could be leveraged if an injection occurs.
    - Sanitization: There is no logic for sanitizing or validating the content of the data ingested before it is interpolated into the agent's workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 09:42 PM