ln-628-concurrency-correctness-auditor

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because its primary function involves ingesting and analyzing content from external, potentially untrusted codebases.
  • Ingestion points: The skill uses Read, Grep, and MCP tools such as mcp__hex-line__read_file and mcp__hex-line__grep_search to load code into the agent's context.
  • Boundary markers: The skill's instructions do not explicitly require the use of boundary markers (like XML tags) or "ignore embedded instructions" warnings when the agent processes code snippets from the target codebase.
  • Capability inventory: The skill is authorized to use the Bash tool. If a malicious instruction hidden within a file being audited (e.g., in a code comment) were to successfully influence the agent, the shell access could be used to execute unintended commands.
  • Sanitization: There are no documented procedures for sanitizing or escaping the codebase content before it is interpolated into the agent's reasoning process.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 10:52 AM