work-backlog-item

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data (GitHub Issue titles and descriptions) which is then interpolated into a feature request prompt passed to other skills.
      ◦ Ingestion points: The mcp__plugin_dh_backlog__backlog_view tool retrieves issue bodies and titles; content is also read from local backlog files.
      ◦ Boundary markers: The feature request template in Step 5 lacks explicit delimiters (e.g., XML tags or triple dashes) or instructions for the agent to ignore embedded commands within the {description} or {research_first} fields.
      ◦ Capability inventory: The skill can invoke other complex skills like add-new-feature and implement-feature, and executes shell commands via git.
      ◦ Sanitization: There is no evidence of sanitization, escaping, or validation performed on the ingested text before it is used in subsequent prompts.
  • [EXTERNAL_DOWNLOADS]: The skill references downloading methodology documentation from a remote repository associated with the vendor.
      ◦ Evidence: references/sam-definition.md contains instructions to perform a git clone of https://github.com/bitflight-devops/stateless-agent-methodology.git to access core methodology files.
  • [COMMAND_EXECUTION]: The skill uses shell commands for repository inspection and verification.
      ◦ Evidence: Uses git log with various flags (e.g., --oneline, --grep) in Steps 1b, 2.3, and 9e to find evidence of completed work or linked pull requests.
  • [DATA_EXFILTRATION]: The skill communicates project-specific metadata to external GitHub infrastructure.
      ◦ Evidence: Uses MCP tools to create and update GitHub Issues, milestones, and labels, which involves transmitting local project descriptions and titles to the GitHub API.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 08:41 AM