prd-test-writer

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill has an indirect prompt-injection surface: it processes untrusted data from local project files and from user-supplied requirements.
  • Ingestion points: Project files are read during 'Phase 1: Autonomous Code Reading' (SKILL.md) using grep, and requirements are ingested in Stage 2.
  • Boundary markers: There are no explicit instructions or delimiters used to ensure the agent ignores potentially malicious instructions embedded in the source code or requirement text.
  • Capability inventory: The agent performs file system searches and creates executable shell command sequences in the generated test cases.
  • Sanitization: No sanitization or filtering of external content is mentioned before the data is processed or output.
  • [EXTERNAL_DOWNLOADS]: The generated HTML review templates fetch the Mermaid diagramming library from a well-known service (jsdelivr.net).
  • Evidence: The script import https://cdn.jsdelivr.net/npm/mermaid@11/dist/mermaid.esm.min.mjs is present in assets/prd-review.html.tmpl and sample files.
  • [COMMAND_EXECUTION]: The skill's workflow depends on the agent executing shell commands for analysis and defining test steps that involve running Node.js scripts.
  • Evidence: The instructions mandate using grep on the project root to find code entry points and drafting test cases that execute commands like npm run smoke:provider.
  • [SAFE]: The generated HTML documentation initialises Mermaid with securityLevel: 'loose'.
  • Evidence: This configuration, found in samples/PRD-SAMPLE-review.html and the associated templates, allows raw HTML in diagram labels (Mermaid's default level, 'strict', encodes HTML in labels). If the diagram source ever contains a malicious payload, that is an XSS risk in the rendered review page.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 01:18 PM
Security Audit — agent-trust-hub — prd-test-writer