cld-md-improver
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it reads and evaluates content from CLAUDE.md files found within potentially untrusted repositories. An attacker could embed instructions within these files to manipulate the agent's behavior during the audit or update phases.
  1. Ingestion points: The skill reads various CLAUDE.md files (e.g., ./CLAUDE.md, ./.claude.local.md, and ~/.claude/CLAUDE.md) discovered via the find command.
  2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when processing the files.
  3. Capability inventory: The skill instructions authorize the use of the Edit tool to modify project files based on findings.
  4. Sanitization: No content validation, escaping, or sanitization is performed on the data read from files.
- [COMMAND_EXECUTION]: The skill utilizes a shell command (find) in SKILL.md to locate configuration files in the current workspace and the user's home directory. While functional for discovery, this executes in the user's local shell environment.
Audit Metadata