project-discovery

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface detected where the skill ingests untrusted data from the local repository.
    * Ingestion points: The scripts/discover.sh script and manual workflows in REFERENCE.md read content from README.md, package.json, and git commit logs (e.g., git log --oneline).
    * Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potential instructions embedded within these files.
    * Capability inventory: The skill is granted Bash, Read, Grep, Glob, and TodoWrite tools in SKILL.md, allowing for file system interaction and shell execution.
    * Sanitization: The skill does not sanitize or escape the content read from the repository before presenting it to the agent context.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 12:58 PM
Security Audit — agent-trust-hub — project-discovery