agent-feature-analyst

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it instructs the agent to perform web searches and fetch content to research features and competitive analysis. If the agent visits a malicious website, it could ingest instructions that manipulate its behavior.
      • Ingestion points: The agent uses WebSearch and WebFetch to gather context from untrusted external websites in the discovery phase.
      • Boundary markers: The instructions do not define delimiters or warnings to help the agent distinguish between its system instructions and the content retrieved from external sources.
      • Capability inventory: The agent is equipped with powerful tools including Bash, Write, Edit, and MultiEdit.
      • Sanitization: There are no requirements to sanitize or validate external content before the agent processes it.
  • [COMMAND_EXECUTION]: The skill mandates the use of Bash and other code-writing tools to build proof-of-concept prototypes and test implementation feasibility. While this is the intended function of the specialist role, it grants the agent significant control over the local environment to execute dynamically generated code.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 01:13 AM