refine-project-context

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from the local codebase to suggest documentation updates, which technically creates an indirect prompt injection surface.
    - Ingestion points: Codebase files (structure, imports, patterns, config, and tests) are read during the 'Challenger Mode' analysis phase.
    - Capability inventory: The skill has the ability to write to .agents/PROJECT_CONTEXT.md and .agents/TECHNICAL_DEBT.md.
    - Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the analyzed codebase files are defined.
    - Sanitization: No specific validation or filtering of codebase content is performed before interpretation.
    - Mitigation: The risk is mitigated by a mandatory human-in-the-loop protocol where findings are presented one at a time and require user triage (Accept/Reject/Discuss) before any files are modified.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Jun 21, 2026, 09:15 AM