The Agent Skills Directory

PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection as it transforms external specifications into executable plans.\n- Ingestion points: The skill consumes untrusted 'spec or requirements' as its primary input.\n- Boundary markers: No delimiters or instructions to ignore embedded commands are used to encapsulate the input data.\n- Capability inventory: The skill generates plans involving file creation, code modification, and shell command execution (e.g., git and pytest), which are then passed to sub-agents for execution.\n- Sanitization: No input validation or sanitization logic is defined to prevent malicious content in requirements from influencing the generated plan.

writing-plans