business-workflow-doc

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a Python script via a relative path (../../../scripts/generate_workflow.py) that resides outside its immediate directory. While common in monorepos, this represents an external code dependency.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection when processing untrusted input files.
    1. Ingestion points: Reads data from exploration/session-brief.md, exploration/captures/brd-draft.md, and any files provided via the --input argument.
    2. Boundary markers: The skill does not use XML tags, triple quotes, or other delimiters to separate untrusted content from system instructions in the LLM prompts.
    3. Capability inventory: The skill has access to Bash, Read, and Write tools, enabling it to execute commands and write files.
    4. Sanitization: There is no evidence of sanitization or filtering of the input text before it is used by the diagram generation logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 06:08 PM