backlog-tools-administrator

Fail

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill implements a workflow where the agent modifies Python source files (e.g., operations.py, server.py, backlog.py) and then executes them via uv run and pytest. This dynamic modification and execution of code, driven by user-provided descriptions in $ARGUMENTS, creates a risk of arbitrary code execution.
  • [COMMAND_EXECUTION]: The skill executes shell commands using uv run to perform linting (prek run) and testing (pytest). These commands operate on files that the agent is instructed to modify during the workflow. The tool prek is not a standard or well-known development package.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface:
      ◦ Ingestion points: User input is ingested via the <gap_description> tag in SKILL.md using the $ARGUMENTS placeholder.
      ◦ Boundary markers: The input is structurally contained within <gap_description> tags, providing minimal separation from instructions.
      ◦ Capability inventory: The skill can modify project scripts across the domain registry, execute shell commands, and update documentation and rules.
      ◦ Sanitization: No input validation or sanitization is performed before the user-provided description is used to guide automated code modification.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 28, 2026, 12:17 AM