The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill processes untrusted data from local specification files and writes updates to the filesystem, creating an attack surface where embedded instructions could influence agent behavior. 1. Ingestion points: Reads from specs/gap-analysis.md and various feature specification files. 2. Boundary markers: Absent; the skill does not define delimiters to separate ingested data from agent instructions. 3. Capability inventory: Performs file-write operations within the specs/ directory. 4. Sanitization: Absent; there is no evidence of input validation or content escaping for the processed data.

complete-spec