agp-9-upgrade
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted project data (such as build scripts and properties) that could contain malicious instructions designed to subvert agent behavior.
  - Ingestion points: build.gradle, build.gradle.kts, gradle.properties, and libs.versions.toml files (referenced in SKILL.md and migrate-to-built-in-kotlin.md).
  - Boundary markers: No specific boundary markers or 'ignore' instructions are implemented to isolate project data from the core instruction stream.
  - Capability inventory: The skill performs shell command execution via ./gradlew (SKILL.md) and accesses local file systems including the Gradle cache (ksp-kapt.md).
  - Sanitization: No explicit sanitization or validation of the content read from project files is defined.
- [COMMAND_EXECUTION]: The skill executes shell commands, specifically `./gradlew help` and `./gradlew build --dry-run`, to verify the state of the project and ensure migration success (SKILL.md).
- [DATA_EXFILTRATION]: The skill instructions guide the agent to access the user's local Gradle dependency cache located at `~/.gradle/caches/modules-2/files-2.1/` to inspect JAR files for KSP compatibility (ksp-kapt.md). Although no network exfiltration was detected, accessing files within the home directory is a sensitive operation.
Audit Metadata