doc-brd-fixer

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its reliance on parsing untrusted audit reports and upstream documents.
      • Ingestion points: The skill reads BRD-NN.A_audit_report_vNNN.md and upstream reference files from 00_REF/ to determine fix actions.
      • Boundary markers: No delimiters are used to separate ingested content from system instructions.
      • Capability inventory: The skill can write, move, and delete files on the local filesystem (e.g., shutil.move, Path.write_text, find -delete).
      • Sanitization: There is no evidence of input validation or sanitization before document content influences file operations.
  • [COMMAND_EXECUTION]: The skill documentation includes destructive shell commands for file management.
      • Evidence: The 'Report Cleanup Policy' prescribes the command find "${BRD_FOLDER}" -name "BRD-*.F_fix_report_v*.md" ! -name "$(basename ${NEW_REPORT})" -delete. This command poses a risk of unintended file deletion if path variables are influenced by malicious input. Additionally, the skill utilizes sha256sum and grep for hash verification and detection.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 12:00 PM