blueprint-development

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It extracts behavioral rules and architecture patterns directly from user-provided documentation in 'docs/prds/' and incorporates them into the agent's system instructions (rules) without sanitization.
      • Ingestion points: The skill reads all markdown files within the 'docs/prds/' directory to extract requirements.
      • Boundary markers: No specific delimiters or 'ignore embedded instructions' warnings are used when processing the PRD content into rules.
      • Capability inventory: The skill has access to powerful tools including 'Bash', 'Write', 'Edit', and 'TodoWrite'.
      • Sanitization: There is no evidence of validation or filtering for the extracted content before it is used to generate behavioral rules.
  • [COMMAND_EXECUTION]: The skill uses the 'Bash' tool to perform environment checks, directory creation, and file discovery. It also generates project-specific workflow commands (e.g., '/project:test-loop') that execute shell commands based on the detected project type and test runners.
  • [EXTERNAL_DOWNLOADS]: The documentation and templates reference external tools and operations, such as the 'gh' CLI for GitHub integration and standard package managers (npm, pip). These are documented for legitimate development workflows.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 12:56 AM