dev-advocate

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core workflow of processing untrusted external data.
    * Ingestion points: The instructions in SKILL.md direct the agent to read and analyze content from GitHub issues, Stack Overflow, and chat platforms like Discord or Slack.
    * Boundary markers: The skill lacks explicit instructions or delimiters to help the agent distinguish between its own system instructions and potentially malicious instructions embedded in the external content it processes.
    * Capability inventory: The agent is granted access to tools including bash, git, and filesystem operations, which could be exploited if an indirect injection occurs.
    * Sanitization: There is no mention of sanitizing or validating the untrusted input before the agent processes it or uses it to inform its actions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 02:51 PM