The Agent Skills Directory

[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data from JIRA ticket descriptions and local documentation to determine sprint planning and dependency waves.\n- Ingestion points: JIRA ticket descriptions, estimates, and requirement labels; documentation files in the documentation/specs/ directory.\n- Boundary markers: No explicit delimiters or instructions to ignore embedded instructions are present in the prompt templates or workflow instructions.\n- Capability inventory: The skill can create or modify JIRA sprints, create Confluence pages, and write or commit local files to the repository.\n- Sanitization: No evidence of sanitization or validation of the content pulled from JIRA or local specification files is present.\n- [DATA_EXFILTRATION]: The skill includes a hardcoded absolute local file path (/Users/khanm/s/tbml_investigator/.codex/sprint1_kickoff.md) in its references, exposing specific user environment information. It also facilitates the transmission of project planning data to external JIRA and Confluence services.\n- [COMMAND_EXECUTION]: The workflow includes a review checklist that utilizes shell commands like 'python -c ast.parse' and 'tsc --noEmit' for code validation. While these are static analysis tools, they provide a mechanism for invoking local interpreters on project files.

sprint-planner