The Agent Skills Directory

[INDIRECT_PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it ingests untrusted user input and persists it into a file (.agents/personal-brand-context.md) intended for consumption by other AI agents (Skills 23-28).
Ingestion points: User responses during the interview process in SKILL.md (Step 3: Thu thap thong tin theo variant).
Boundary markers: The skill uses Markdown headers and tables to structure data but does not include explicit delimiters or 'ignore instructions' warnings for downstream agents.
Capability inventory: Performs local file-write operations within the project's .agents directory.
Sanitization: No explicit sanitization or validation of the user's input strings is defined in the instructions.
[DATA_EXPOSURE]: The skill creates a local file containing user-provided professional and personal details. However, it does not attempt to access system secrets, SSH keys, or environment variables, and it performs no network operations to exfiltrate this data.

22-personal-brand-context