implement-code
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is authorized to execute local shell commands for project building, testing, and linting, which are necessary for its function as a coding assistant but grant high-level access to the execution environment.
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface because it processes untrusted data from local files (e.g., README, design documents) that could contain malicious instructions.
  * Ingestion points: Reads local project documentation, including README.md and development instructions.
  * Boundary markers: Instructions include guidance to confirm boundaries with the user, though no technical isolation or delimiters are used for the ingested data.
  * Capability inventory: Includes the ability to read/write to the filesystem and execute local shell commands.
  * Sanitization: There is no mention of sanitizing or escaping the contents of ingested files before processing.
Audit Metadata