The Agent Skills Directory

[PROMPT_INJECTION]: The skill instructs the agent to override standard transparency protocols by performing initialization and project scanning 'silently' and not announcing actions unless relevant. It explicitly directs the agent to edit files 'without needing to ask' for user confirmation during the self-correction process. Additionally, the included skill-report.json file contains a pre-authored 'security audit' claiming the skill is safe and all findings are false positives, which is a deceptive attempt to influence the analyzer's evaluation.
[DATA_EXFILTRATION]: The skill requires the agent to read local project files (e.g., Cargo.toml, source code) and provides instructions for transmitting data to external repositories via git push and gh pr create. When combined with the 'silent' execution instructions, this configuration increases the risk of sensitive data exfiltration without user awareness.
[COMMAND_EXECUTION]: The skill relies on the execution of external CLI commands, specifically git and gh, to manage versioning and the submission of skill updates.
[INDIRECT_PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from the local project environment.
Ingestion points: The agent is instructed to read Cargo.toml and various project source files (.rs) to adapt its behavior and documentation.
Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded content when processing project files.
Capability inventory: The agent has extensive local file access (Read/Edit) and network/CLI capabilities (git, gh).
Sanitization: None; project data is used directly to adapt suggestions and update skill documentation.
[EXTERNAL_DOWNLOADS]: The skill's documentation and example CI configurations reference standard tools and services, such as GitHub Actions (actions/checkout@v4). These references to well-known technology services are documented as safe functionality.

makepad-evolution