recipe-front-design

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it ingests untrusted user data.
    • Ingestion points: User requirements are ingested via the $ARGUMENTS variable in SKILL.md and passed to the requirement-analyzer sub-agent. Additionally, the skill requests a file path for prototype code from the user in Step 2.
    • Boundary markers: The skill does not utilize explicit boundary markers or isolation instructions when interpolating user-provided requirements into sub-agent prompts.
    • Capability inventory: The skill invokes several sub-agents (requirement-analyzer, ui-spec-designer, technical-designer-frontend, etc.) which have the capability to analyze codebases and write design documentation to the file system.
    • Sanitization: No explicit sanitization or validation logic is present for the ingested requirements or prototype paths.
    • Risk Mitigation: The potential impact is significantly reduced by the implementation of mandatory [STOP] markers throughout the execution flow, ensuring that a human must review and approve the output of each sub-agent (e.g., requirement analysis, UI specs, and design documents) before the process continues.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 4, 2026, 11:46 AM