The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its processing of user-controlled requirement files.
Ingestion points: The skill reads the requirements file specified by the user in the first argument ($0) of the command.
Boundary markers: There are no explicit delimiters or instructions provided to the agent to isolate the untrusted content from the rest of the task logic.
Capability inventory: The agent is granted permission to perform web research on any tool or API listed in the file and to write the resulting PRD to the filesystem.
Sanitization: The workflow does not include any steps for sanitizing or validating the input data before it is processed by the agent.

create-second-brain-prd