ollygarden-insight-remediation
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core workflow of fetching and executing remote instructions.
- Ingestion points: Remote remediation instructions are retrieved from https://api.ollygarden.cloud/api/v1/services/{id}/insights and processed in SKILL.md.
- Boundary markers: The skill lacks explicit markers or safety instructions to distinguish between the agent's core guidelines and the potentially untrusted remediation content.
- Capability inventory: The agent is empowered to modify the local codebase and execute system commands like linters and tests, providing a significant impact surface for malicious instructions.
- Sanitization: There is no evidence of validation or filtering applied to the fetched remediation instructions before the agent applies them to the project.
- [DATA_EXFILTRATION]: The skill accesses local files containing sensitive information.
- Evidence: The skill reads and writes API keys within ~/.config/ollygarden/keys.json.
- Context: This activity is limited to the 'ollygarden' vendor's own configuration files and is used for authenticated requests to its own API. The skill includes instructions to secure this file with restrictive system permissions.
Audit Metadata