The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data (external project source code) to generate documentation.
Ingestion points: The skill uses Read, Grep, and Glob tools to scan project directories and read file content (e.g., API views, models, and workflows).
Boundary markers: The instructions lack explicit delimiters or warnings to the agent to ignore any natural language instructions found within the code being analyzed (such as malicious comments).
Capability inventory: The skill has the ability to read the file system and write markdown documentation to the business_logic/ directory. It does not have network access or arbitrary shell execution capabilities enabled in its allowed-tools.
Sanitization: There is no mention of sanitizing or escaping the content extracted from source files before it is interpolated into the final markdown output.

reverse-engineering-business-logic