recap-ask
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes recap documents which serve as untrusted external data, creating a potential surface for indirect prompt injection.
  - Ingestion points: The skill reads the full content of a recap document provided via the --context flag, which is then used as the primary context for the LLM during synthesis as described in references/qa-prompt.md.
  - Boundary markers: The LLM prompt in references/qa-prompt.md utilizes clear section headers (e.g., ## Recap Context, ## Question) and explicit instructions to the model to prioritize its independent research over the provided framing.
  - Capability inventory: The skill allows the agent to use Read, Grep, and restricted Bash tools to inspect files and repository metadata, though these actions are intended to be bounded by the recap's evidence index.
  - Sanitization: Path validation via fs.realpathSync ensures that all context and evidence paths remain within the repository or allowed temporary directories. A dedicated scripts/security-redact.js script is executed on all outputs to detect and mask secrets before they are emitted to the user.
Audit Metadata