best-practices

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes user-supplied prompts through several sub-agents (task-intent-analyzer, codebase-context-builder) to perform its transformation tasks. This creates a surface for indirect prompt injection where a malicious user prompt could attempt to influence the sub-agents' behavior. However, this is an inherent characteristic of prompt optimization tools.
      • Ingestion Points: User prompts are ingested in SKILL.md and passed to sub-agents defined in the agents/ directory.
      • Boundary Markers: The skill does not currently use explicit delimiters (like XML tags) to isolate untrusted user input within the sub-agent instructions.
      • Capability Inventory: The sub-agents have capabilities to read codebase files, search for patterns, and analyze project configurations to provide grounded advice.
      • Sanitization: No explicit sanitization of the user prompt is performed before it is analyzed by the sub-agents.
  • [COMMAND_EXECUTION]: The skill documentation and sub-agent instructions (e.g., in agents/codebase-context-builder.md) recommend the use of standard development tools such as grep, glob, gh, and npm to gather context. These are used within the expected scope of a coding assistant to explore the local project environment.
  • [EXTERNAL_DOWNLOADS]: The documentation references official Anthropic resources and well-known developer tools (GitHub CLI, AWS CLI). All external links point to trusted domains (anthropic.com, github.com).
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 04:17 PM