skill-enhancer

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes user-provided skill files (SKILL.md, reference files, scripts, etc.) to determine enhancement steps, creating an attack surface for indirect prompt injection.
    * Ingestion points: Phase 1, Step 1 in SKILL.md requires reading the target skill's SKILL.md and any files in the references/, agents/, scripts/, and assets/ directories.
    * Boundary markers: The instructions lack specific guidance on using delimiters or ignoring instructions embedded within the ingested data to prevent behavior override.
    * Capability inventory: Phase 3, Step 4 in SKILL.md grants the ability to write files and set executable permissions (chmod +x) on generated scripts.
    * Sanitization: No sanitization or validation logic is specified for the input data before it influences the agent's planning and generation phases.
  • [COMMAND_EXECUTION]: The skill performs file system operations, specifically setting executable permissions on newly created scripts.
    * Evidence: Phase 3, Step 4 of SKILL.md and Section 4 of references/structure-patterns.md instruct the agent to apply chmod +x to generated shell scripts. While this is part of the skill's primary purpose of creating executable components, it represents a capability that could be abused if the agent is compromised.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 01:21 PM