fix-hard
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by interpolating user-provided input ($ARGUMENTS) directly into the agent's context.
  1. Ingestion points: The $ARGUMENTS variable is placed inside tags in SKILL.md.
  2. Boundary markers: XML-style tags are used as delimiters.
  3. Capability inventory: Includes file modification via /code and git repository management via git-manager.
  4. Sanitization: No explicit input validation or escaping for ingested content.
- [COMMAND_EXECUTION]: The skill instructs the agent to perform actions such as modifying files with /code and managing git history with git-manager. While these actions are standard for the skill's purpose, they represent a significant capability surface that can be triggered by processed inputs.