doc-prd-reviewer

Warn

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill mandates the execution of bash commands such as sha256sum and sed to verify document integrity. These commands incorporate variables like <file_path> and Section Name derived from the project structure and document content. Without strict sanitization of these inputs, an attacker could craft malicious file names or section headers to achieve command injection when the agent attempts to hash the file.
  • [PROMPT_INJECTION]: As a documentation reviewer, the skill processes untrusted content from Product Requirements Documents (PRD) and Business Requirements Documents (BRD). This creates an Indirect Prompt Injection surface where malicious text embedded in a PRD could influence the agent's logic, such as bypassing review checks, manipulating the 'Review Score', or triggering unintended 'Auto-Fixes'.
      • Ingestion points: The agent reads multiple markdown files from docs/02_PRD/ and docs/01_BRD/ at runtime.
      • Boundary markers: The instructions lack explicit boundary markers or 'ignore' directives to separate document data from agent instructions during the review process.
      • Capability inventory: The skill utilizes file system read/write access to apply fixes and generates shell commands for hashing.
      • Sanitization: No sanitization or validation logic is defined for the content extracted from upstream artifacts before it is used in scoring or command assembly.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 2, 2026, 10:04 PM