The Agent Skills Directory

[SAFE]: The skill performs local file operations restricted to the plans/ directory, reading PRDs and writing issue markdown and JSON index files.\n- [DATA_EXFILTRATION]: Analysis confirmed no network activity or external communication; all data remains within the project environment.\n- [COMMAND_EXECUTION]: No shell commands, external script calls, or dynamic code execution patterns were identified in the instruction set.\n- [PROMPT_INJECTION]: The skill ingests untrusted text from plans/[plan-name]/README.md to generate issue content, which represents an indirect prompt injection surface. Evidence Chain: (1) Ingestion point: plans/[plan-name]/README.md (Step 1). (2) Boundary markers: No explicit delimiters or ignore-instructions warnings are used when reading the PRD. (3) Capability inventory: File system read/write in plans/ folder and codebase exploration. (4) Sanitization: No sanitization of the PRD content is performed before processing. Risk is assessed as safe as the functionality is core to the skill purpose and includes a mandatory human-in-the-loop approval step before file creation.

prd-to-issues