The Agent Skills Directory

[SAFE]: The skill's operations are confined to the project's local file system within the .agent directory. It lacks network access, contains no obfuscated code, and does not access sensitive user credentials outside of the intended project documentation scope.
[INDIRECT_PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection as it processes project files such as tasks, SOPs, and user profile data to extract knowledge. While no malicious instructions were found in the skill itself, it is inherently vulnerable to instructions embedded in the documentation it scans. * Ingestion points: .agent/tasks/.md, .agent/sops/.md, .agent/system/.md, .agent/markers/.md, and .agent/.user-profile.json. * Boundary markers: None identified; the skill treats documentation as a trusted source for knowledge extraction. * Capability inventory: File system access (Read, Write, Edit) and local command execution via Bash to manage the graph.json file and run internal Python scripts. * Sanitization: No sanitization or instruction-filtering is performed on the ingested text before it is summarized and stored in the knowledge graph.

nav-graph