usdm

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE · COMMAND_EXECUTION · EXTERNAL_DOWNLOADS · PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches requirements data from well-known services including GitHub and Asana. Integration utilizes official tools like the GitHub CLI and Asana MCP to retrieve content which the skill explicitly treats as untrusted user input.
  • [COMMAND_EXECUTION]: Executes shell commands via the GitHub CLI to manage requirement hierarchies as GitHub Issues. The skill documentation promotes security best practices, such as using quoted heredocs to prevent command expansion, and requires explicit user confirmation before any actions are taken based on external data.
  • [PROMPT_INJECTION]: Employs robust behavioral controls to mitigate indirect prompt injection risks.
      1. Ingestion points: Data enters the context via GitHub issue fetching, Asana task retrieval, and manual Jira content pasting.
      2. Boundary markers: Implements a 'Third-Party Content Safety' protocol and a mandatory user confirmation gate after fetching external data.
      3. Capability inventory: Interacts with external repositories using the GitHub CLI via the bash tool.
      4. Sanitization: Explicitly instructs the agent to ignore directives within fetched content and flag anomalies like system prompt overrides.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 24, 2026, 05:18 AM