The Agent Skills Directory

[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes content from external sources without explicit boundary markers or sanitization logic.\n- Ingestion points: Content is retrieved via document_view or read directly from the local file system.\n- Boundary markers: The instructions do not define specific delimiters or instructions to the agent to ignore potentially malicious content within the PRDs.\n- Capability inventory: The agent has the capability to create new records in the backlog system using the task_create tool.\n- Sanitization: There is no mention of escaping or validating the content of the PRD before it is used to generate task descriptions.

prd-to-tasks