paseo-advisor
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill directly interpolates user-provided input through the `$ARGUMENTS` variable into the instructions without using delimiters or specific sanitization. Ingestion point: `SKILL.md`. Boundary markers: Absent for the initial input. Sanitization: Absent. This allows a user to potentially override the intended logic of the advisor setup.
- [PROMPT_INJECTION]: The skill instructs the agent to identify and provide local file paths for a secondary 'advisor' agent to read. Capability inventory: File-read access via the spawned agent. While a safety suffix ('Do NOT edit, create, or delete any files') is included as a boundary marker for the secondary agent, the lack of input sanitization in the primary prompt allows an attacker to manipulate the context or specify sensitive files for exposure.
Audit Metadata