generate-task

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted PRD content to generate executable task definitions.
    - Ingestion points: The PRD content enters the agent context via the $ARGUMENTS variable inside the <prd> block in SKILL.md.
    - Boundary markers: While the input is delimited by <prd> tags, there are no instructions provided to the agent to ignore or isolate potentially malicious directions embedded within the PRD content.
    - Capability inventory: The skill workflow includes reading local project files (package.json, CLAUDE.md), performing codebase searches using Grep or Glob, and writing generated Markdown files to the local docs/features/ directory.
    - Sanitization: No sanitization or validation of the PRD input is performed before it is used to derive verification plans and success criteria that may include shell commands (e.g., tsc, curl) to be executed by the agent in subsequent steps.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 06:11 PM