bf-lead-review

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates and executes shell commands for yq and git using interpolated variables such as {TICKET}, {EPIC-ID}, and {STORY-ID}. Without rigorous sanitization of these identifiers, the skill is susceptible to command injection attacks if these variables are influenced by external or untrusted sources.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core function of reading and analyzing untrusted content from tech-spec.md and git diffs. Evidence: (1) Ingestion points: tech-spec.md, conventions.md, and git diff outputs. (2) Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present. (3) Capability inventory: The skill can update YAML files via yq -i, read repository history via git, and orchestrate multiple sub-agents. (4) Sanitization: There is no evidence of input validation or sanitization before processing project data.
  • [EXTERNAL_DOWNLOADS]: The instructions include a check for the yq command-line tool and suggest a manual installation via Homebrew (brew install yq) if it is missing. While not an automated execution, it encourages the installation of external dependencies.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 09:30 AM