db-schema-designer
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted external data (documentation, proto files, and schemas).
  1. Ingestion points: Checklist item 1 and Phase 1 in SKILL.md.
  2. Boundary markers: None present.
  3. Capability inventory: Writing files to 'prd/DDL.md' and using 'TodoWrite' tool.
  4. Sanitization: None present.

  The risk is mitigated by the requirement for explicit user approval at each stage of the incremental design process.
Audit Metadata