security-awareness-malicious-repository-detection
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest and analyze data from external GitHub repositories, which are untrusted third-party sources.
- Ingestion points: Repository metadata such as descriptions, topics, and metrics fetched from the GitHub API or provided via user triggers.
- Boundary markers: The instructions do not define boundary markers (e.g., delimiters) to separate the analysis logic from the untrusted content of the repositories being analyzed.
- Capability inventory: The skill includes logic for fetching repository data, performing heuristic risk assessment, and reporting repositories to external abuse endpoints.
- Sanitization: The analysis logic uses basic string matching and regular expressions, which may be insufficient to prevent adversarial content within a repository description from influencing the agent's logic.
Audit Metadata