The Agent Skills Directory

[INDIRECT_PROMPT_INJECTION]: The skill includes instructions to ingest and process untrusted external data, specifically user feedback, support tickets, and app reviews (found in data/context-templates.md and steps-a/step-02-gather-context.md). This constitutes an indirect prompt injection surface.
Ingestion points: Data entry points for user feedback, analytics reports, and target group materials in steps-a/step-01-identify.md and steps-a/step-02-gather-context.md.
Boundary markers: The templates provide structured sections for data but do not explicitly instruct the agent to ignore embedded instructions within the processed text.
Capability inventory: The skill has the capability to write files to the local system, execute Git commands (git checkout, git diff), and create Pull Requests using the GitHub CLI (gh pr create).
Sanitization: There is no explicit sanitization or filtering logic mentioned for the ingested feedback content.
[COMMAND_EXECUTION]: The workflow involves the execution of shell commands for version control and repository management (e.g., git checkout -b in workflow-implement.md and gh pr create in workflow-deploy.md). These commands are standard for the skill's primary purpose as a development and design evolution tool and do not involve privilege escalation or unauthorized access.

wds-8-product-evolution