skills/jonhilt/practical-engineer/tdd/Gen Agent Trust Hub

tdd

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from external sources to drive its logic.
    • Ingestion points: The skill reads content from PROGRESS.md, fetches GitHub issue details via gh issue view, and loads specification files from the ./specs/ directory.
    • Boundary markers: There are no instructions to use delimiters or ignore embedded instructions when processing these external inputs.
    • Capability inventory: The agent can execute shell commands via the GitHub CLI (gh), perform file system operations (read/write), and execute generated test code.
    • Sanitization: No evidence of input validation, escaping, or filtering of the content retrieved from specs or issues was found.
  • [COMMAND_EXECUTION]: The skill performs several shell operations using the GitHub CLI tool. It executes gh repo view to detect the environment, gh issue view to read specifications, and various gh issue subcommands (close, edit) to manage the project's state. Additionally, the skill's core loop involves running test suites, which entails arbitrary code execution within the development environment.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 11, 2026, 09:19 PM