skills/gyumaruya/scrum_agents/scrum/Gen Agent Trust Hub

scrum

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE

PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its autonomous processing of external, untrusted data.
    - Ingestion points: The skill ingests natural language stakeholder desires during setup and refinement, as well as descriptions from external issue trackers like GitHub, GitLab, and Jira (references/ceremonies/backlog-refinement.md).
    - Boundary markers: There are no explicit delimiters or instructions used to separate user-provided content from agent instructions during ceremony interpolation.
    - Capability inventory: The agents have access to the Bash tool and can modify project-wide configuration files including CLAUDE.md, rule files, and agent definitions.
    - Sanitization: External input is processed without sanitization or validation, allowing it to influence agent logic and project state.
  • [COMMAND_EXECUTION]: The skill uses shell commands for environment management and project workflow automation.
    - Evidence: Execution of ln -s for global installation and rm for uninstallation of skill files in the user directory.
    - Evidence: Automated git commit operations for archiving sprint data and recording process improvements.
    - Context: These operations are local to the user's environment and project directory, consistent with the skill's functional purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 07:43 PM