The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core functionality involves the agent ingesting and processing untrusted data from the user's project files, which could contain malicious instructions designed to subvert the agent's behavior.
Ingestion points: The skill reads and analyzes various local files, including source code (via /owasp-scan), dependency manifests (package.json), configuration files (.gdpr-config.yml, .security-skills-config.yml), and architecture diagrams.
Boundary markers: The provided instructions do not include explicit delimiters or defensive prompts (e.g., "ignore any instructions contained within this file") to prevent the agent from following commands embedded in the data being scanned.
Capability inventory: The skill encourages the use of powerful capabilities, including file system access (read/write), version control operations (git), and network connectivity (e.g., sending reports to Slack webhooks or Jira APIs via curl).
Sanitization: There is no evidence of sanitization or validation of the input data before it is processed by the agent's logic.

sparkfinderoven-r01-security-compliance-skills