The Agent Skills Directory

Prompt Injection (LOW): The skill possesses a surface for indirect prompt injection. By reading and 'analyzing' untrusted PRD files, the agent could be manipulated by malicious instructions hidden within those documents.
Ingestion points: The skill explicitly reads PRD files from the user's directory (Step 1).
Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the PRD content as untrusted data.
Capability inventory: The skill has the capability to write and update markdown files (tracking documents) in the local file system.
Sanitization: The skill does not perform any validation or sanitization on the content extracted from the PRD files before using it to drive the questioning strategy.

prd-clarifier