skills/helderberto/skills/prd-to-plan/Gen Agent Trust Hub

prd-to-plan

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external PRD files (prds/*.md) which are treated as untrusted data.
      * Ingestion points: Reads content from files in the prds/ directory.
      * Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potentially malicious instructions embedded within the PRD content.
      * Capability inventory: The agent has the ability to read files, explore the codebase, and write new Markdown files to the plans/ directory.
      * Sanitization: No sanitization or validation of the PRD content is performed before processing.
  • [COMMAND_EXECUTION]: Uses dynamic context injection to list files in the prds/ directory at load time.
      * Evidence: !ls prds/ 2>/dev/null || echo "no prds/ directory found" in SKILL.md.
      * Note: The command is hardcoded and does not include user-supplied arguments, posing minimal risk.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 04:11 PM