The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes untrusted content from specification files to drive automated actions, creating an attack surface for indirect prompt injection.
Ingestion points: The skill ingests data from external specification files specified by the ${file} parameter and searches files in the /spec/ directory.
Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the specification content as data rather than instructions, which could lead to the agent obeying commands hidden in the requirements.
Capability inventory: The skill uses create_issue and search_issues tools to interact with external GitHub repositories.
Sanitization: No sanitization or validation logic is described for the content extracted from specification files before it is passed to the issue creation tool.

create-github-issues-for-unmet-specification-requirements