skills/yike-gunshi/forge-skills/forge/Gen Agent Trust Hub

forge

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill has a potential surface for indirect prompt injection because it ingests external requirements, PRDs, and design documents to drive automated coding and command execution tasks. However, it includes defensive mechanisms such as an automated 'adversarial review' phase in the brainstorming skill to identify logic holes or risks.
      • Ingestion points: Reads PRD.md, DESIGN.md, ENGINEERING.md, and user-supplied requirements across multiple skills (forge-prd, forge-dev, forge-eng).
      • Boundary markers: The framework uses structured templates for documents but does not consistently apply explicit 'ignore embedded instructions' markers when interpolating requirement data into agent prompts.
      • Capability inventory: Uses Bash, Agent, and Write tools to execute system commands and implement code.
      • Sanitization: External requirements are structured into specification documents, but the framework lacks a dedicated sanitization layer for raw input text.
  • [COMMAND_EXECUTION]: The framework executes a wide array of system commands for git operations, environment diagnostics, and project management. It includes a 'Verification Gate' mechanism where the agent generates and runs commands to verify its own implementations.
  • [EXTERNAL_DOWNLOADS]: The skill automates the installation of standard development dependencies from public registries (npm, PyPI, Go) and fetches the axe-core accessibility testing library from Cloudflare's well-known CDN (cdnjs.cloudflare.com).
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 03:04 AM