project-init

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a shell command mkdir -p <project-name>/docs to create the project directory. The folder name is determined dynamically based on discovery and user input, which could potentially lead to command injection or directory traversal if the input contains malicious characters and is not sanitized by the execution environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its workflow of ingesting external data and performing actions based on it.
    * Ingestion points: The skill uses the WebSearch tool to gather technical best practices and project patterns from the internet. It also uses AskUserQuestion to gather user requirements.
    * Boundary markers: There are no explicit instructions or delimiters used to separate the external content from the agent's instructions, nor are there warnings to the model to ignore potential instructions embedded in the search results.
    * Capability inventory: The skill possesses the capability to execute filesystem commands (via mkdir) and write multiple markdown files to the local disk.
    * Sanitization: No sanitization or validation logic is defined for the content retrieved from the web or provided by the user before it is incorporated into the documentation or used in command parameters.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 08:12 AM