The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill is susceptible to indirect prompt injection through untrusted data ingestion.
Ingestion points: The feature_id and acceptance_criteria parameters in the implement_feature method (as shown in SKILL.md) are entry points for external data.
Boundary markers: No delimiters or safety instructions are specified to separate feature requirements from the agent's internal logic.
Capability inventory: The skill possesses the capability to write and execute code via scripts/test_writer.py and scripts/test_runner.py respectively.
Sanitization: There is no evidence of input validation or sanitization to prevent malicious instructions within the acceptance_criteria from being translated into executable code.
Dynamic Execution (LOW): The skill is designed to generate, modify, and execute scripts at runtime.
Evidence: The workflow involves generating tests (test_writer.py), implementing logic to pass them, and executing the resulting code (test_runner.py). This is a powerful capability that, while intended for TDD, requires rigorous oversight of the input data used to drive the generation process. The severity is lowered because this functionality is the primary intended purpose of the skill.

tdd-workflow