The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external documentation files, such as scenarios and domain models, to drive code generation and testing loops.
Ingestion points: Reads from ./docs/scenarios.md, ./docs/domain-model.md, ./docs/system-design.md, and existing project source code.
Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between its internal system instructions and the potentially untrusted natural language instructions contained in the behavior scenarios.
Capability inventory: The skill has access to high-capability tools including Bash, Task, Write, and Edit which can modify the file system and execute code.
Sanitization: There is no evidence of input validation or sanitization for the content processed from these documents.
[COMMAND_EXECUTION]: The skill uses Bash and Task tools to run test suites and manage build processes. While these are necessary for its primary purpose as a software builder, they provide a mechanism for arbitrary command execution if the agent is influenced by malicious instructions in the project documentation or code it processes.

rdd-build