The Agent Skills Directory

No Code (SAFE): The file manifest.yaml contains metadata (version, tags, description) and configuration (side effects, preconditions) but no executable scripts, system commands, or prompt instructions.
Indirect Prompt Injection (SAFE): The skill identifies as a generator for requirement prompts, implying ingestion of untrusted data. Evidence: 1. Ingestion: User product descriptions (implicit in description). 2. Boundary markers: None. 3. Capability: File modification and artifact creation (manifest side_effects). 4. Sanitization: None defined in this manifest.

PRP Generator