azure-best-practices
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a pattern for reading project-specific instructions from a file named LESSONS.md. This creates a surface for indirect prompt injection where an attacker could place malicious instructions in the root of a project to influence agent behavior.
  - Ingestion points: The file LESSONS.md located in the project root is read at runtime.
  - Boundary markers: None are specified; the agent is simply told to apply the lessons found in the file alongside the existing rules.
  - Capability inventory: The skill is granted high-privilege access via allowed-tools including Bash, Write, Edit, and Grep, enabling it to perform arbitrary file modifications and command execution.
  - Sanitization: There is no mention of validation, escaping, or filtering for the content ingested from the LESSONS.md file.