full-development

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE · PROMPT_INJECTION · COMMAND_EXECUTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted user data in Phase 1 (project vision) and processes documents in subsequent phases, which could contain malicious instructions designed to influence the code generation or deployment steps.
      • Ingestion points: User input for project vision and requirements; reading documents from the docs/ directory (e.g., requirements.md, prd.md, architecture.md).
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided skill files.
      • Capability inventory: The skill has the capability to write files to the filesystem (src/, docs/, tests/), execute workflows (via specialized sub-skills), and run deployment tasks and validation scripts.
      • Sanitization: There is no evidence of sanitization or filtering of the external content before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill's architecture includes the execution of local scripts for quality assurance and deployment activities.
      • Evidence: The configuration section in SKILL.md describes check_scripts (e.g., scripts/check-database.py, scripts/check-backend.py) that are intended to be executed to validate the output of different phases. Phase 11 (Deployment) also involves environment configuration and pipeline execution, which typically require shell command execution.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 13, 2026, 07:57 PM