The Agent Skills Directory

[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core functionality of ingesting and acting upon data from an external API.
Ingestion points: The agent reads task descriptions, comments, and project vision documents from the Store and Vision APIs (documented in SKILL.md and references/api-reference.md).
Boundary markers: No specific delimiters or instructions are provided to the agent to treat the fetched data as untrusted or to ignore instructions embedded within it.
Capability inventory: The skill allows the agent to update task statuses, modify roadmaps, and spawn sub-agents for code-heavy tasks (foundry-openai-responses/gpt-5.3-codex), which could be abused if an injection is successful.
Sanitization: There is no evidence of sanitization or structural validation for the content retrieved from the API.
[COMMAND_EXECUTION]: The skill uses curl commands to interact with the Org Studio REST API hosted at http://localhost:4501. These commands are used for legitimate task management and roadmap orchestration.

org-studio-api