skills/sd0xdev/sd0x-dev-flow/fp-brief/Gen Agent Trust Hub

fp-brief

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes technical documents supplied by the user. Malicious instructions embedded in the source documents (e.g., hidden in comments or metadata) could attempt to influence the agent's extraction and reasoning logic while the briefing is generated.
  • Ingestion points: Document content read from the <doc-path> argument.
  • Boundary markers: The skill uses structured extraction templates and explicit 'Evidence Insufficient' rules, but does not define strict delimiters for the raw input data during the processing phase.
  • Capability inventory: Includes file reading, global search, and shell command execution (git, grep, cat) via the Codex tool.
  • Sanitization: Implements robust path validation (normalizing paths, rejecting parent directory traversal, and enforcing repository boundaries) and a redaction scan for secrets.
  • [COMMAND_EXECUTION]: The verification workflow in references/codex-verify-prompt.md uses the mcp__codex__codex tool to execute shell commands including git status, git diff, cat, grep, and ls. These commands are configured to run in a read-only sandbox with an approval-policy of never, which limits the risk of unauthorized system modifications while performing project research and document verification.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 01:12 AM