The Agent Skills Directory

[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it requires the agent to read and summarize content from potentially untrusted external sources (internet search results) and a variety of local files.
Ingestion points: The skill explicitly instructs the agent to search the internet for API versioning and deprecation schedules (SKILL.md). It also reads configuration and source code from sibling repositories including rudder-integrations-config, rudder-integrations-info, and rudder-auth (SKILL.md, references/integration-docs-guide.md).
Boundary markers: There are no protective delimiters or instructions to ignore embedded commands within the ingested data, which could allow a malicious file or website to influence the agent's output or behavior.
Capability inventory: The agent has the capability to write to the local filesystem to generate the requested documentation files (README.md, businesslogic.md, retl.md).
Sanitization: The skill lacks mechanisms to sanitize or validate the content retrieved from external searches before it is processed by the agent.

generate-integration-docs