lfg
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill employs authoritative and forceful language ("CRITICAL: You MUST", "Do NOT skip", "GATE: STOP") to dictate agent behavior and enforce a specific execution sequence. While intended for workflow management, these patterns resemble techniques used in prompt injection attacks to override or bypass system-level constraints.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the use of unvalidated user input.
  - Ingestion points: User-provided feature descriptions enter the context via the $ARGUMENTS variable in SKILL.md and are passed to the planning tool.
  - Boundary markers: No delimiters or "ignore embedded instructions" warnings are present around the user input interpolation to prevent the agent from obeying instructions hidden within the data.
  - Capability inventory: The skill coordinates significant capabilities, including file modification via implementation work (/ce:work) and browser-based testing (/compound-engineering:test-browser).
  - Sanitization: There is no evidence of input validation, escaping, or sanitization before passing user data to sub-skills.
Audit Metadata