The Agent Skills Directory

[PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection through the use of template variables. Ingestion points: The variables ${languageInstruction} and ${args} are interpolated directly into the instruction set in SKILL.md. Boundary markers: There are no boundary markers, delimiters, or explicit instructions for the agent to treat the content of these variables as data rather than executable instructions. Capability inventory: The skill has the capability to write files to the local filesystem (docs/plans/). Sanitization: No sanitization, escaping, or validation of the input variables is performed before they are interpolated into the prompt.

spec-write-plan