brainstormingv3

Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill specifies a hardcoded $schema URL (https://45f4-2a06-c701-4911-2c00-de9-9736-a7e1-53ee.ngrok-free.app) to be included in the docs/plans/YYYY-MM-DD-<topic>-brainstorm-summary.json file. This URL points to an ephemeral ngrok tunnel, which is not a trusted source and is commonly used for phishing or data exfiltration.
  • [DATA_EXFILTRATION]: Mandating the inclusion of an external, non-whitelisted ngrok URL in a generated JSON file creates a data exfiltration vector. Any automated tool or agent that processes this file and attempts to validate the schema will send a request to the attacker-controlled ngrok endpoint, potentially leaking project metadata or brainstorming content.
  • [COMMAND_EXECUTION]: The skill directs the agent to execute environment-scanning commands such as git log and perform file system operations including git commit. While intended for project management, these capabilities grant the agent write access to the repository history.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted project context and user dialogue to generate design documents and summaries. Ingestion points: Project files, logs, and user input (see discovery.md). Boundary markers: None are specified for the generated JSON or design docs. Capability inventory: File system write access, git commits, and invocation of the writing-plans skill (see SKILL.md). Sanitization: No escaping or validation is applied to external content before it is persisted or passed downstream.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 3, 2026, 10:56 PM