project-status-phase

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to the ingestion of untrusted external content.
    1. Ingestion points: Data enters the agent's context through GitHub issue bodies, checklists, comments, pull request descriptions, and repository documentation as specified in SKILL.md and references/status-phase-rules.md.
    2. Boundary markers: The instructions lack explicit delimiters or instructions to ignore potential commands embedded within the ingested data, though they do provide logic-based decision rules.
    3. Capability inventory: The skill is authorized to modify the status fields of GitHub project board items.
    4. Sanitization: There is no evidence of sanitization, filtering, or validation of the external content before it is processed by the agent.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 3, 2026, 12:32 AM