spec-to-backlog
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection Surface]: The skill processes content from Confluence pages (ingestion point: getConfluencePage in SKILL.md) and uses it to perform actions in Jira (capability: createJiraIssue in SKILL.md). There are no specific boundary markers or sanitization steps mentioned to isolate external content from instructions. However, the skill incorporates a manual verification step where the agent must present the breakdown to the user for confirmation before any tickets are created, which serves as a critical safety check.
- [User Confirmation Mechanism]: As a security best practice, the skill explicitly includes a confirmation step (Step 4: Present Breakdown to User). This ensures that the agent's interpretation of the specification is reviewed by a human before any Jira tickets are created, providing a robust layer of oversight.
- [Tool Usage and Scope]: The skill utilizes standard Atlassian integration tools for reading and writing data within the user's authorized Jira and Confluence environments. No unexpected network operations or access to sensitive local files were detected.
Audit Metadata