okf

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform validation of documentation bundles. Specifically, it instructs the agent to run uv run "${CLAUDE_SKILL_DIR}/../validate/scripts/okf_validate.py", which executes a Python script from a sibling directory.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because its primary function involves reading and processing markdown files from the local filesystem to inform the agent's context and actions.
  • Ingestion points: The agent reads all .md files within a specified bundle directory (defaulting to .okf/) to understand project knowledge.
  • Boundary markers: The skill relies on standard YAML frontmatter boundaries, but does not provide specific instructions for the agent to ignore potentially malicious natural language instructions embedded within the markdown body of those files.
  • Capability inventory: The skill is granted significant capabilities including Read, Write, Edit, Grep, Glob, and Bash access.
  • Sanitization: There is no evidence of sanitization or filtering of the content read from the knowledge bundles before it is incorporated into the agent's prompt context.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 16, 2026, 08:36 AM
Security Audit — agent-trust-hub — okf