The Agent Skills Directory

[PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface because it explores the codebase and processes its content to generate a PRD. Malicious instructions embedded in repository files could potentially manipulate the agent's behavior or the output document.
Ingestion points: Local repository files (SKILL.md, step 2).
Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands in the data it reads.
Capability inventory: File system read (exploring the repo) and file system write (saving the PRD to docs/prds/).
Sanitization: Absent; content from the repository is not validated or sanitized before being incorporated into the prompt context.

write-a-prd