analysis-process

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process arbitrary project files and user-provided ideas as context.
  • Ingestion points: Reads all files in the working directory and documentation in docs/ (idea-process.md).
  • Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands in the context files.
  • Capability inventory: Reading local files, writing markdown documentation and task lists, and invoking downstream skills (testing-process, documentation-process, solid-code-review, implementation-review).
  • Sanitization: No sanitization or filtering of the ingested content is specified.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a chain of other autonomous skills, creating a multi-step agentic workflow.
  • Evidence: idea-process.md Step 6 and example-tasks.md Task 5 define a verification process that requires running testing-process, documentation-process, solid-code-review, and implementation-review.
  • [DATA_EXFILTRATION]: The skill directs the agent to read all files in the current working directory for context, which may lead to the exposure of sensitive files if present in the repository.
  • Evidence: idea-process.md directs the agent to "understand the existing code in our working directory" as the first step of the refinement process.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 08:18 PM