task-quality-kpi

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a workflow where an agent reads and obeys recommendations from a KPI JSON file. Since this file is generated based on task implementations that may be provided by untrusted sources, it introduces a risk of indirect prompt injection.
    - Ingestion points: The agent is instructed to read generated JSON files from the docs/specs/ directory using the Read tool.
    - Boundary markers: No instructions are provided to the agent to treat the recommendations or summary fields as untrusted data or to ignore embedded instructions.
    - Capability inventory: The skill uses the Read tool to ingest data and uses the content to decide whether to 'Approve and proceed' or 'Create fix specification', allowing the data to drive agent logic.
    - Sanitization: There is no evidence of validation or sanitization of the KPI data before it influences the agent's behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 12, 2026, 01:06 AM