skills/miroapp/miro-ai/miro-code-spec/Gen Agent Trust Hub

miro-code-spec

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests untrusted data from Miro boards using tools like context_get. Malicious instructions embedded in a board's HTML or Markdown content could attempt to influence the agent's behavior during parsing or task execution.
      • Ingestion points: Miro board items (documents, prototype screens, diagrams) retrieved in SKILL.md (Step 7).
      • Boundary markers: There are no explicit delimiters or "ignore previous instructions" warnings applied to the data retrieved from Miro before it is processed.
      • Capability inventory: The skill has capabilities for file system writes, network requests via curl, and the creation of general-purpose subagents.
      • Sanitization: Content is saved to disk in its original form; the logic for parsing HTML to find image URLs does not include sanitization of the source data.
  • [COMMAND_EXECUTION]: The skill uses shell commands (mkdir, rm, curl) for essential functions like creating the specification directory structure and downloading images. These commands are used for their intended purpose, and the instructions specifically include quoting for variables like [download_url] to prevent command injection.
  • [EXTERNAL_DOWNLOADS]: The skill downloads image assets from Miro's platform using URLs obtained through the Miro MCP tools. These downloads are directed to the .miro/specs/images/ folder and are a core part of the skill's functionality to provide offline access to board resources.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 12:55 PM