review-implementation
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from markdown files and PRDs to guide its logic.
  1. Ingestion points: Reads all provided .md files, PRDs, specs, AGENTS.md, and README files as specified in the intake and discovery gate (SKILL.md).
  2. Boundary markers: No explicit delimiters or instructions to ignore embedded instructions are present to isolate the external document content from the agent's core instructions.
  3. Capability inventory: The skill has extensive capabilities including reading files, modifying source code, and executing shell commands for validation tests as described in the workflow (SKILL.md).
  4. Sanitization: There is no evidence of sanitization or safety validation for instructions contained within the reviewed documentation.
- [COMMAND_EXECUTION]: The workflow includes a step to run validation checks such as unit tests, integration tests, and API-level E2E checks. While intended for verifying code correctness, this capability provides an execution vector that could be manipulated if an attacker places malicious commands inside the documentation files being reviewed.