source-command-gsd-review-backlog
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using variables parsed from project files. Specifically, the command 'gsd-sdk query phase.add "${DESCRIPTION}" --raw' interpolates the description of a backlog item directly into a shell command. If the 'ROADMAP.md' file contains malicious shell sequences like backticks or command substitution syntax within a description, these could be executed by the system during the promotion process.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) as it ingests and processes data from external files that might contain untrusted content.
  1. Ingestion points: The skill reads project documentation including '.planning/ROADMAP.md', 'CONTEXT.md', and 'RESEARCH.md' (Step 2).
  2. Boundary markers: Absent. There are no instructions or delimiters used to ensure the agent ignores instructions embedded within the processed data.
  3. Capability inventory: The skill can list directories, read file contents, rename directories, delete directories, and perform commits via the 'gsd-sdk' tool.
  4. Sanitization: Absent. Content extracted from markdown files is not validated or sanitized before being used in subsequent logic or shell operations.