Tech Debt Auditor
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to read and process the content of local codebase files, which are untrusted.
  - Ingestion points include local codebase files or directories targeted for audit.
  - The instructions lack boundary markers or explicit directives to the agent to ignore potential natural language instructions embedded within source code or comments.
  - The skill's capability inventory is limited to text analysis and reporting; it does not include tools for network access, shell command execution, or file system modifications.
  - No sanitization or validation of the ingested code content is performed before processing.