The Agent Skills Directory

[PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) as it is instructed to ingest untrusted data from external sources. ● Ingestion points: The 'Discovery Policy' in SKILL.md requires the agent to read external web sources and official documentation. ● Boundary markers: Absent; there are no instructions to ignore or delimit embedded commands within the ingested data. ● Capability inventory: The skill has the capability to write and update markdown files in the tasks/ directory. ● Sanitization: Absent; external data is summarized and persisted directly into workspace files.
[DATA_EXFILTRATION]: The skill's 'Discovery Policy' mandates the inspection of sensitive file types including configs, permissions, and migrations. This behavior extracts internal system architecture and security configurations into plain-text PRD documents, increasing the risk of data exposure within the project workspace.

prd