The Agent Skills Directory

[PROMPT_INJECTION]: Direct prompt injection vulnerability. The skill appends user-provided data via the $ARGUMENTS placeholder at the end of the SKILL.md file without any surrounding delimiters or warnings. This allows user input to potentially override the skill's logic or manipulate the agent's behavior.
[PROMPT_INJECTION]: Indirect prompt injection surface assessment:
Ingestion points: User requirements are processed through the $ARGUMENTS variable in SKILL.md.
Boundary markers: Absent. There are no markers to distinguish between system instructions and untrusted user data.
Capability inventory: The skill has access to the Read, Write, and Edit tools, which could be exploited if the agent follows malicious instructions within the user input.
Sanitization: No input validation or escaping mechanisms are implemented to mitigate the risk of malicious content being processed.

mermaid