doc-ears-reviewer

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute bash commands such as sha256sum, cut, and grep to perform file hashing and drift detection. These commands are executed based on file paths and content derived from the documents under review.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from external EARS and PRD documents and uses it to perform operations without sufficient sanitization of the input sources.
      ◦ Ingestion points: The agent reads content from EARS files and PRD references (e.g., @ref: or @prd: tags) located in docs/03_EARS/ and docs/02_PRD/.
      ◦ Boundary markers: There are no specified boundary markers or instructions to treat data within the files as untrusted or to ignore embedded instructions.
      ◦ Capability inventory: The skill possesses the ability to execute bash sub-processes via shell commands and perform file write operations to create cache and report files.
      ◦ Sanitization: There is no mention of sanitization or validation of the file paths or document content before they are interpolated into bash command strings for hash calculation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 09:02 AM