compliance-auditor

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to ingest and analyze untrusted data from the project environment.
      ◦ Ingestion points: Project files, system logs, and git history (SKILL.md).
      ◦ Boundary markers: No explicit delimiters were found, nor any instruction to ignore instructions embedded in processed data.
      ◦ Capability inventory: The skill uses bash, git, and file system write operations (SKILL.md).
      ◦ Sanitization: No validation or sanitization of the input data is defined.
  • [COMMAND_EXECUTION]: The skill allows the agent to execute arbitrary shell commands via bash and perform repository manipulations via git. While these are intended for technical auditing and testing, they provide an execution surface that could be exploited if the agent follows instructions embedded in audited files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 02:51 PM