ticket-workflow

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill's configuration schema in references/config-schema.json and its defaults in references/default-config.json specify access to sensitive environment files such as .env, .env.local, and .env.development. This access is intended to retrieve the WEBAPP_DOMAIN for visual verification tasks. While this is a configuration convenience for developers, environment files are high-value targets that often contain sensitive credentials.
  • [PROMPT_INJECTION]: The skill coordinates a workflow that ingests untrusted data from external ticket providers (YouTrack, GitHub) and uses it to drive implementation activities.
      • Ingestion points: External ticket content is retrieved and stored in ticket.md as part of the 'Fetch' phase.
      • Boundary markers: The instructions do not specify the use of delimiters (like XML tags) or safety prompts to isolate the external content from the agent's instructions.
      • Capability inventory: The skill has the capability to write multiple files to the workspace and execute implementation subagents via the /resolve --continue command.
      • Sanitization: No explicit validation or sanitization of the fetched ticket content is described before it is used for complexity analysis and implementation planning.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 05:16 PM