supply-chain-risk-auditor

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Finding tags: PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external dependency repositories, which could contain malicious instructions.
    - Ingestion points: Project dependency names and metadata (READMEs, issue counts) retrieved via the gh tool (SKILL.md).
    - Boundary markers: The skill lacks explicit instructions to treat external data as untrusted or to ignore commands embedded within that data.
    - Capability inventory: The skill uses Bash, Write, and the gh CLI tool, providing a functional surface for an attacker to influence if instructions in dependency data are followed.
    - Sanitization: No sanitization or validation of the data retrieved from external repositories is performed before it is used in report generation or shell commands.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 13, 2026, 11:16 AM
Security Audit — agent-trust-hub — supply-chain-risk-auditor