The Agent Skills Directory

[COMMAND_EXECUTION]: The skill is configured to write generated Markdown artifacts to local directories (e.g., docs/backlog/). This is the primary function of the skill and follows safe practices like requesting confirmation before writing and checking for directory existence.
[PROMPT_INJECTION]: The skill takes free-form user input and formats it into documentation, creating a surface for indirect prompt injection if downstream systems process the artifacts without sanitization. 1. Ingestion points: Raw user descriptions in the input schema and behavior sections. 2. Boundary markers: Data is structured using Markdown templates and YAML frontmatter; no explicit escaping or "ignore instructions" delimiters are applied to the user-provided content. 3. Capability inventory: Local file-write operations to project documentation folders. 4. Sanitization: None performed, as the skill acts as a structured formatter.
[DATA_EXFILTRATION]: The skill reads project goals from docs/project-overview/strategic-goals.md to assist with categorization. This access is limited to non-sensitive project documentation, and no network operations are present.

capture-work-items