The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses a vendor-specific tool dxs (via the command dxs report inspect) to parse and extract data from .rdlx-json report files. This is a legitimate use of project-specific tooling for the skill's stated purpose.
[PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to its core function of ingesting data from external, potentially untrusted sources.
Ingestion points: Extracts information from DevOps work items, mockups/screenshots, PDF/Word/Excel documents, and SQL queries inside SSRS .rdl files (as described in SKILL.md).
Boundary markers: The instructions do not mention the use of delimiters or instructions to ignore embedded commands within the processed data.
Capability inventory: The skill itself is a requirements gatherer and formatter; however, its output is explicitly designed to be consumed by downstream skills like datasource-creator and report-creator, which likely possess broader execution capabilities.
Sanitization: There are no specified procedures for sanitizing, validating, or escaping the content extracted from external sources before it is compiled into the requirements brief.

requirements-gathering