The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits a significant surface for Indirect Prompt Injection by ingesting untrusted data from external files and interpolating it into instructions for the agent.
Ingestion points: The skill loads project requirements from business-requirements.yaml and technical-requirements.yaml located in the user-specified base_directory.
Boundary markers: Absent. The instructions do not direct the agent to treat the requirements data as untrusted or to use specific delimiters to isolate external content.
Capability inventory: The skill generates milestone-m*.tasks.yaml files which contain executable shell commands (e.g., npm test, npm run lint) and detailed instructions that the agent is expected to follow during the implementation phase.
Sanitization: Absent. There is no evidence of validation, escaping, or filtering of the content from the requirements files before it is used to generate the plan.
[COMMAND_EXECUTION]: The skill generates and structures shell commands for quality gates and validation (e.g., npm run lint, npm run typecheck, npm test) within the generated milestone task files. While these are standard development practices, the commands are derived from the plan generation process and are intended for subsequent execution by the agent.

implementation-planner