The Agent Skills Directory

[PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it ingests untrusted user requests (bug reports, feature descriptions) and incorporates them into subsequent implementation and review prompts. Ingestion points: User requests are processed during the draft-spec and review-spec phases in SKILL.md. Boundary markers: The skill utilizes structured templates with Given/When/Then blocks to delimit data and minimize instruction leakage. Capability inventory: The skill has the ability to read files, execute commands via codex-tmux, and perform git commits. Sanitization: No explicit input sanitization is performed, though the workflow mandates a fresh-context review step to identify potential issues in the generated specifications.

describe