project-stage-detect

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE

PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from various files within the project directory (source code, design documents, etc.) which could contain malicious instructions designed to subvert the agent's behavior.
      * Ingestion points: Files are read from directories including design/, src/, production/, prototypes/, docs/architecture/, and tests/ as specified in the Workflow section of SKILL.md.
      * Boundary markers: The instructions do not define clear delimiters or include warnings to the agent to ignore embedded instructions within the analyzed files.
      * Capability inventory: The skill has access to the Bash tool and file write capabilities (specifically writing the project-stage-report.md), providing an execution path for injected instructions.
      * Sanitization: There is no mention of sanitizing, escaping, or validating the content of the files before they are processed or included in reports.

Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 06:28 PM