The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted data from multiple external sources. Ingestion points: The skill reads external Notion documents, GitHub PRs, and Linear tickets provided by the user or identified in the work summary (SKILL.md Step 1, 2, and 5). Boundary markers: No explicit boundary markers or warnings are used to tell the agent to ignore instructions embedded within the data. Capability inventory: The skill has permissions to write to Notion and execute commands via the gh CLI. Sanitization: There is no evidence of sanitization or filtering of the content retrieved from external sources before it is processed or written back to Notion.
[Command Execution] (SAFE): The skill uses the gh CLI as a tool for repository access. Evidence: SKILL.md mentions GitHub access using the gh tool. Context: This is a standard and expected operation for the skill's primary function of documenting code-related projects.

sred-project-organizer