spec-refactoring
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the local project environment to guide its refactoring logic and documentation generation.
  - Ingestion points: The skill reads content from `specs/`, `src/`, and `tests/` directories using `cat` and `rg` commands.
  - Boundary markers: No specific delimiters or instructions are provided to help the agent distinguish between data from the files and the skill's own instructions.
  - Capability inventory: The agent has the capability to read project files, search codebases, and write or update specification documentation based on the ingested content.
  - Sanitization: No sanitization or validation of the content within the analyzed files is performed before it is processed by the agent.
Audit Metadata