The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection where the agent might process instructions hidden in the codebase.
Ingestion points: The instruction in SKILL.md to "explore the codebase" to answer questions allows the agent to ingest untrusted data from project files.
Boundary markers: The skill lacks instructions or delimiters to isolate or sanitize content read from the codebase.
Capability inventory: The agent uses its built-in file-reading and search capabilities to access the codebase.
Sanitization: No sanitization or filtering is applied to the data retrieved during the codebase exploration.

reflect