doc-req-reviewer
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface because it processes documentation files (REQ, SYS) that are subject to external modification.
  - Ingestion points: The agent is instructed to extract file paths and requirement references from @sys:tags, traceability tables, and markdown links.
  - Boundary markers: Absent. There are no instructions for the agent to isolate content from these files or treat it as potentially untrusted data.
  - Capability inventory: The agent has the capability to execute shell commands (sha256sum, grep) and perform file system writes based on the data it reads.
  - Sanitization: Absent. The skill lacks specific validation logic for resolved paths or requirement identifiers, which could allow for path traversal or command injection via crafted document content.
- [COMMAND_EXECUTION]: The 'Upstream Drift Detection' feature requires the agent to execute shell commands (sha256sum and grep) using file paths derived from documentation content. This capability is risky if the agent does not independently verify that the paths belong to the intended project directories, as it could be manipulated into reading unauthorized files or executing arbitrary commands through shell injection.
Audit Metadata