sar-cybersecurity
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill implements robust defenses against prompt injection by including a mandatory 'Untrusted input boundary' (Constraint 9). This instructs the AI agent to treat all codebase content under analysis as untrusted data and strictly forbids the interpretation or execution of any instructions found within that content.
- [DATA_EXFILTRATION]: While the skill is designed to read sensitive files (source code, environment variables, database schemas), it enforces a strict output boundary (Constraint 1), allowing writes only to the docs/security/ directory. Furthermore, Constraint 10 explicitly prohibits the agent from making network calls to external services, with the exception of official security databases (NVD, MITRE) for CVE lookups.
- [COMMAND_EXECUTION]: The skill contains a 'No executable code generation' rule (Constraint 10), which prevents the agent from generating or running shell commands, installing packages, or modifying the host system. It is strictly limited to producing Markdown reports and CSV registries.
- [INDIRECT_PROMPT_INJECTION]: This risk is mitigated by explicit analysis protocols. The skill provides the agent with boundary markers and instructions to maintain a clear separation between the skill's operational logic and the data being analyzed. It also identifies that any capability to write files is restricted to the specific output directory.
- [SAFE]: All external references and dependencies identified in the documentation belong to the official vendor infrastructure (carrilloapps.com, skills.sh) or well-known public repositories (GitHub). The use of standard installation commands (npx skills add) is consistent with the platform's expected behavior.
Audit Metadata