The Agent Skills Directory

[PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it processes untrusted data from external sources and uses it to drive task management decisions.
Ingestion points: The skill ingests content from Pull Request descriptions, comments, and reviews through vibe flow review --json, and scans markdown files in docs/plans/ and docs/prds/ (SKILL.md, Step 2.5 and Step 3).
Boundary markers: No specific boundary markers or 'ignore embedded instructions' directives are defined for the data processed from PRs or documentation.
Capability inventory: The skill is capable of modifying the task registry using commands such as vibe task add, vibe task update, and vibe task remove.
Sanitization: There is no evidence of sanitization or filtering of the external text before it is analyzed by the AI for task extraction.
[COMMAND_EXECUTION]: The skill executes various local CLI commands to retrieve data and perform modifications.
Evidence: Commands like vibe task list --json, vibe task audit --all, and vibe task update are used to manage the repository's internal state. While these are necessary for the skill's function, they represent a risk if combined with the indirect prompt injection vulnerability.

vibe-task