skills/gupsammy/claudest/repair-agent/Gen Agent Trust Hub

repair-agent

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted agent files provided via user arguments, which presents an indirect prompt injection surface where malicious instructions in the audited file could influence the agent's behavior.
      • Ingestion points: Agent file content is loaded via the @$ARGUMENTS syntax in SKILL.md.
      • Boundary markers: The content is loaded without delimiters or instructions to ignore embedded commands.
      • Capability inventory: The skill can execute a local validation script and perform file write operations.
      • Sanitization: There is no explicit sanitization of the input file content, although a human-in-the-loop check is required before applying improvements.
  • [COMMAND_EXECUTION]: The skill executes a validation script using python3 from the local plugin directory. While the script itself is part of the plugin environment, it is invoked with a user-provided file path as an argument.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 05:31 PM