prd-to-issues
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from GitHub issues via the 'gh issue view' command.
  - Evidence: Step 1 in SKILL.md fetches issue content and comments.
  - Capability: The agent then uses this data to explore the codebase and create new issues.
  - Sanitization: There are no defined boundary markers or instructions to ignore embedded commands within the fetched PRD content, meaning malicious instructions in a PRD could influence the agent's behavior during implementation drafting or codebase interaction.
Audit Metadata