sdlc-planning

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection (Category 8) because it ingests external project requirements to generate planning documents. An attacker could embed malicious instructions in the requirements context to influence the agent's output.
      * Ingestion points: Project context and feature lists are ingested from the project-requirements skill output or from user interviews, as specified in SKILL.md and templates/software-requirements-spec.md.
      * Boundary markers: The templates contain no explicit instructions or delimiters telling the agent to treat input data as untrusted or to ignore embedded instructions.
      * Capability inventory: The skill is primarily designed for markdown document generation. It lacks scripts for system command execution or network operations, which limits the impact of a potential injection to content manipulation.
      * Sanitization: No sanitization or validation mechanisms are defined for the input requirements before the template system processes them.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 28, 2026, 12:09 PM