The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8). It is designed to ingest and process untrusted data from other skills (SKILL.md, README.md, scripts) and then perform automated actions based on that data, such as file edits and git commits. Ingestion points: Reads content from target skills in Step 3 of SKILL.md. Capability inventory: Performs file writes via the Edit tool and network/system operations via git and rsync in Step 7. Boundary markers: The instructions lack explicit delimiters or warnings to ignore instructions embedded within the files being optimized. Sanitization: There is no evidence of sanitization or validation of the content of the target skills before processing.
[COMMAND_EXECUTION]: The skill instructs the agent to execute multiple shell commands, including git, rsync, and local Python scripts (lint_skill.py, bump_version.py). While these are necessary for the skill's stated purpose of optimizing and syncing skills, they represent a surface for automated command execution.

lovstudio-skill-optimizer