The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the user's local codebase to generate reports.
Ingestion points: Phase 1 (Step 1.1) and Phase 2 (Step 2.1) involve reading project files such as READMEs, entry point source files, and configuration files using the Read, Glob, and Bash tools.
Boundary markers: The prompts defined in references/domain-prompts.md lack delimiters or instructions to ignore embedded commands, which could allow malicious instructions hidden in source code comments or documentation to influence the agent's behavior.
Capability inventory: The skill has the ability to execute Bash commands, spawn parallel Task subagents, and Write files to the local filesystem.
Sanitization: No sanitization or validation of the content read from the project files is performed before the content is passed to the subagents.

pre-deploy-checklist