The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted user data into its operational flow.
Ingestion points: User-provided requirements are ingested through the $ARGUMENTS variable in the SKILL.md file.
Boundary markers: The skill does not implement delimiters (like triple quotes) or specific instructions for the agent to ignore embedded commands within the requirement input.
Capability inventory: The skill orchestrates multiple sub-agents—including requirement-analyzer, codebase-analyzer, technical-designer, code-verifier, document-reviewer, and design-sync—which collectively possess the capability to read project source code and write design documentation (as defined in SKILL.md).
Sanitization: No sanitization, filtering, or validation logic is defined to check the contents of the requirements input before it is passed to the sub-agents.

recipe-design