update-app-design

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands via the Bash tool and dynamic context injection (the !command syntax) to inspect file metadata and git history. Specifically, it executes pwd, stat, and git log to gather context about the project's evolution. These operations are conducted within the local environment for legitimate analysis purposes.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its document synchronization workflow.
    - Ingestion points: It reads content from package.json and .claude/rules/1-app-design-document.mdc to inform updates.
    - Boundary markers: There are no explicit delimiters or instructions provided to the agent to isolate or ignore potentially malicious instructions embedded within the ingested files.
    - Capability inventory: The skill has access to powerful tools including Bash and file writing capabilities (Write, MultiEdit), which could be abused if an injection occurs.
    - Sanitization: No sanitization, escaping, or validation is performed on the data read from the codebase before it is integrated into the prompt context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 01:20 AM