ui-code-auditor

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as its primary function involves reading and processing the content of untrusted source code files (e.g., React or Rails components). If these files contain malicious instructions, they could theoretically attempt to influence the agent's audit findings. However, given the specific purpose of the skill and the use of defined rule sets, this risk is minimal.
      • Ingestion points: Content from UI files located in src/ or app/ is read and processed in Step 4.
      • Boundary markers: The instructions do not define specific delimiters for separating the file content from the agent's instructions.
      • Capability inventory: The skill has access to the Bash, Read, Grep, and Glob tools.
      • Sanitization: The skill does not perform content sanitization, which is expected for a code auditing tool.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform file discovery (via the find command). The commands documented in the instructions are restricted to local file listing and do not incorporate unvalidated user input into shell execution in a dangerous manner.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 02:36 PM