ln-230-story-prioritizer

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted story descriptions from external sources (Linear tasks or local markdown files) and feeds them to the model to calculate RICE scores.
    * Ingestion points: Story descriptions are loaded in Phase 3.1 from the task provider or from story.md files.
    * Boundary markers: The skill workflow defines no boundary markers and gives no explicit instruction to ignore commands embedded in the ingested story content.
    * Capability inventory: The skill has access to Bash (for directory creation), Write (for saving reports), and WebSearch, so an injected instruction has tools it could drive.
    * Sanitization: There is no mention of sanitizing or escaping the story descriptions before the LLM analyzes them.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run mkdir -p docs/market/[epic-slug]/. The skill states that it slugifies the Epic title, but the slugification rules are not specified; if they do not strip shell metacharacters and path separators (including ".." segments), the directory name becomes a command-injection or path-traversal point.
  • [EXTERNAL_DOWNLOADS]: The skill performs research by fetching data from external web sources using WebSearch and mcp__Ref. It specifically references well-known technology organizations and market research services (e.g., Gartner, Statista) to obtain market size and competition data, which is appropriate for its stated purpose.
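To make the COMMAND_EXECUTION finding concrete, the following is an added example (not code from the skill or from the audit) of the slug-and-confine check the finding asks for. The function names (slugify, market_dir, mkdir_argv), the allowlist regex, the 64-character cap, and the docs/market root are assumptions chosen for illustration; the sample titles are constructed inputs, including two that carry shell metacharacters and a traversal attempt.

```python
"""Hardened slugification for an untrusted Epic title (added example).

The idea: never let raw title text reach a shell. Reduce it to a strict
[a-z0-9-] allowlist, reject anything that does not survive, confine the
resulting path to the intended root, and run mkdir as an argv list rather
than an interpolated command string.
"""
import re
import unicodedata
from pathlib import Path

# Assumed allowlist: lowercase alphanumerics separated by single hyphens.
SLUG_RE = re.compile(r"^[a-z0-9]+(?:-[a-z0-9]+)*$")
MAX_SLUG_LEN = 64  # assumed cap; keeps the path short and predictable


def slugify(title: str) -> str:
    """Collapse an untrusted title to a strict slug, or raise ValueError.

    Shell metacharacters, quotes, dots and slashes are all outside the
    allowlist, so "$(...)", ";" and "../" cannot survive into the output.
    """
    ascii_title = (
        unicodedata.normalize("NFKD", title).encode("ascii", "ignore").decode()
    )
    slug = re.sub(r"[^a-z0-9]+", "-", ascii_title.lower()).strip("-")
    slug = slug[:MAX_SLUG_LEN].rstrip("-")
    if not slug or not SLUG_RE.fullmatch(slug):
        raise ValueError(f"title does not reduce to a usable slug: {title!r}")
    return slug


def market_dir(title: str, root: str = "docs/market") -> Path:
    """Return the resolved target directory, confined directly under root.

    The slug already excludes separators, so this parent check is defense in
    depth: if slugify is ever weakened, the path is still refused.
    """
    root_path = Path(root).resolve()
    target = (root_path / slugify(title)).resolve()
    if target.parent != root_path:
        raise ValueError(f"refusing path outside {root_path}: {target}")
    return target


def mkdir_argv(title: str, root: str = "docs/market") -> list[str]:
    """Build the mkdir invocation as an argv list (no shell parsing).

    '--' ends option parsing so a slug can never be read as a flag. Pass
    this list to subprocess.run(argv, check=True) rather than to a shell.
    """
    return ["mkdir", "-p", "--", str(market_dir(title, root))]


if __name__ == "__main__":
    # Constructed sample titles: one benign, one accented, two hostile.
    samples = [
        "Payments: Faster Checkout!",
        "Café Épic",
        "$(rm -rf ~) Epic",
        "../../etc/passwd",
        "!!!",
    ]
    for sample in samples:
        try:
            print(f"{sample!r:28} -> {mkdir_argv(sample)}")
        except ValueError as err:
            print(f"{sample!r:28} -> rejected: {err}")
```

The point worth noting is the order of defenses: the allowlist does the real work, the parent check catches a future regression in the allowlist, and the argv list removes the shell from the picture entirely, so even a slug that somehow contained metacharacters would be passed to mkdir as a literal argument.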
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 07:50 AM