brainstorm

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from the user's codebase and external inputs without sanitization.
      * Ingestion points: Codebase files are scanned using Grep, Read, and Glob during project discovery in SKILL.md, and the $ARGUMENTS variable is used as the primary topic.
      * Boundary markers: Prompts used to initialize sub-agents (e.g., workflow-architect, test-generator in SKILL.md) do not include delimiters or instructions to ignore malicious content within the processed data.
      * Capability inventory: The skill has access to powerful tools like Agent creation, Task management, and file system access (Read/Write).
      * Sanitization: There is no evidence of filtering or escaping logic applied to data before it is interpolated into agent instructions.
  • [COMMAND_EXECUTION]: The skill executes local shell commands to facilitate its workflow and populate templates.
      * Hook Execution: The SKILL.md file defines PreToolUse hooks that trigger a local script (run-hook.mjs) to load instructions and prior decisions.
      * Metadata Population: Design document templates in scripts/create-design-doc.md and scripts/decision-matrix-template.md use a !command syntax to execute standard utilities like date and git (e.g., git config user.name, git rev-parse) to auto-fill project details.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 02:00 PM