implementation-status-auditor

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
[DATA_EXFILTRATION] [PROMPT_INJECTION]
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill reads various project files, such as documentation, SQL schemas, and source code, to perform its audit tasks.
      • Ingestion points: SKILL.md instructs the agent to read file types across the repository including **/*.sql, docs/**/*.md, **/api/**, src/, and app/.
      • Boundary markers: Absent. The instructions do not define delimiters or provide specific instructions for the agent to disregard commands or instructions embedded within the audited files.
      • Capability inventory: The agent possesses broad file system read access and the ability to write multiple report files to the docs/implementation/ directory.
      • Sanitization: Absent. There is no requirement for content validation or filtering before the agent processes the ingested data.
  • [DATA_EXFILTRATION]: Data Exposure Surface. The skill conducts a comprehensive discovery of project materials including infrastructure configuration.
      • Evidence: SKILL.md (Step 1: Discovery Phase) and references/audit-checklist.md (Phase 1: Discovery Checklist) instruct the agent to scan directories such as **/.github/** and **/deploy/**. These paths often contain CI/CD workflow definitions and deployment scripts that may expose infrastructure details to the agent's context. While no external network exfiltration was detected, the exposure of these files to the LLM increases the risk surface.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 01:39 AM