check-prd

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to process external PRD documents which may contain indirect prompt injection attempts intended to manipulate the agent's review results.
      • Ingestion points: External document content is ingested via the $ARGUMENTS variable or direct user input as described in SKILL.md.
      • Boundary markers: Absent. The skill instructions do not specify the use of delimiters to separate untrusted user content from the core review logic.
      • Capability inventory: The skill is scoped to text analysis and report generation; it does not request permissions for dangerous tools such as network access or arbitrary file system writes during the analysis process.
      • Sanitization: No explicit filtering or sanitization of the input text is mentioned in the logic.
  • [COMMAND_EXECUTION]: The development script scripts/validate.py utilizes subprocess.run to execute a local Python script (scripts/build.py) as part of its build and validation workflow.
      • Evidence: subprocess.run([sys.executable, str(BUILD_SCRIPT)], cwd=ROOT, check=True) in scripts/validate.py.
      • Context: This execution is used solely for artifact generation and structural validation during the development phase and is not invoked during the agent's runtime execution of the PRD review tasks.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 07:51 AM