aile-requirement-analysis

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE; flagged categories: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: Hardcoded Google Drive Root IDs were identified in docs-templates/google-drive-sync-integration.md (1u2I7QtOQDzWnQAVgINZqQbLv0wOjvR_0 and 12nxdtruC9WtZlDRL58SCxb0BuWUSibqv). While these are resource identifiers and not credentials, they expose specific organizational storage locations.
  • [DATA_EXFILTRATION]: The skill instructions contain internal contradictions regarding cloud synchronization. While SKILL.md explicitly states the skill "must not perform Google Drive sync," the file docs-templates/google-drive-sync-integration.md provides mandatory logic and IDs for syncing analyzed documents to the cloud. This inconsistency could lead to unexpected data transmission to external storage.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection due to the processing of untrusted external data.
      • Ingestion points: Content is retrieved from Jira Story fields (Description, Acceptance Criteria) via jira_get_issue (mentioned in SKILL.md).
      • Boundary markers: The instructions do not specify any delimiters or instructions to ignore embedded commands within the fetched Jira data.
      • Capability inventory: The agent has capabilities to write to the local file system, call Jira APIs (jira_create_issue, jira_batch_create_issues), and interact with the google-drive skill.
      • Sanitization: There is no evidence of input validation or sanitization to prevent malicious instructions in a Jira Story from influencing the agent's behavior during the analysis phase.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 07:04 AM