backlog-md

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE

PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions create a surface for indirect prompt injection by directing the agent to process potentially untrusted external data.
      • Ingestion points: As described in references/task-workflow.md, agents are instructed to "Read ALL fields" including "References" and "Documentation" and to "Open any attached files/URLs to understand context."
      • Boundary markers: There are no requirements for delimiters or instructions for the agent to ignore embedded commands within the fetched content.
      • Capability inventory: The agent has the ability to execute the backlog CLI and perform implementation work (coding), which could be manipulated if malicious instructions are embedded in a task's external references.
      • Sanitization: The skill lacks any mention of sanitizing or validating the content retrieved from external files or URLs before the agent processes it.
  • [COMMAND_EXECUTION]: The skill's primary functionality relies on the execution of the backlog CLI tool. It provides a detailed reference for various commands to create, edit, and list tasks, which are executed in the local environment to manage the project backlog.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 24, 2026, 05:58 AM