The Agent Skills Directory

Indirect Prompt Injection (HIGH): The skill is a high-privilege orchestrator that processes untrusted external content with significant write and execution capabilities.
Ingestion points: The {feature-description} argument provided by the user in SKILL.md is passed directly to the slash command tool.
Boundary markers: There are no boundary markers or delimiters defined to separate the instructions from the user-provided feature description, making it easy for an attacker to hijack the workflow.
Capability inventory: The skill possesses extensive capabilities including 'Execute implementation', 'Create git branch', 'Create atomic git commit', and 'Create pull request'.
Sanitization: There is no evidence of sanitization, validation, or escaping of the user input before it is used to trigger these automated actions.
Command Execution (MEDIUM): The skill relies on a SlashCommand /prp-core-run-all which, by its nature, triggers a sequence of system-level operations (git operations and code execution). While intended for automation, the lack of input control allows for the execution of unintended commands if the implementation engine is successfully manipulated.

prp-core-runner