requirements-ai
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted user-provided content into a generated file structure.
  - Ingestion points: User descriptions of application ideas, roles, and features collected during the conversational workflow defined in SKILL.md.
  - Boundary markers: The skill does not utilize explicit delimiters or instructions to ignore or escape potentially malicious commands embedded within user-provided requirements.
  - Capability inventory: The agent has the capability to generate formatted Markdown content intended for persistent files such as REQUIREMENTS.md or CLAUDE.md.
  - Sanitization: No evidence of input validation or sanitization is present to ensure that user-provided data does not alter the agent's behavior or include dangerous payloads in the final output.
Audit Metadata