The Agent Skills Directory

[PROMPT_INJECTION]: The skill possesses a standard attack surface for indirect prompt injection as it processes external document content.
Ingestion points: The skill reads file content based on the path provided in $ARGUMENTS through the subagent prompt and Read tool.
Boundary markers: The prompt instructions for the subagent do not define clear delimiters or 'ignore embedded instructions' warnings for the document content.
Capability inventory: The agent has access to file system tools (Read, Grep, Glob, Edit) and can dispatch tasks to other agents.
Sanitization: There is no evidence of content validation or sanitization before the document data is incorporated into the agent context for refactoring.

doc-refactor