team-review

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes source code from external codebases to generate analysis reports and automated fixes.
  • Ingestion points: roles/scanner/role.md and roles/fixer/role.md read source code files from the local workspace using file system tools.
  • Boundary markers: While the skill uses structured prompts for its sub-agents, it lacks explicit boundary markers or instructions to the LLM to ignore directives potentially contained within the processed codebase content.
  • Capability inventory: The skill possesses significant capabilities through the Bash, Write, Edit, and Agent tools, enabling it to execute commands, modify files, and spawn sub-agents.
  • Sanitization: There is no evidence of content sanitization or validation of the codebase data before it is interpolated into prompts or processed by the analysis logic.
  • [COMMAND_EXECUTION]: The fixer role automatically executes project-specific test suites (e.g., npx jest, pytest, npx tsc) to verify code modifications. This behavior can be exploited if a project contains malicious test configurations or code designed to execute when the test suite is invoked by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 5, 2026, 04:03 AM