The Agent Skills Directory

[INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data by reading source code files from the src/ directory and incorporating that content into new skill documents. This creates a surface for indirect prompt injection where malicious instructions placed in source code comments could influence the generated summaries.
Ingestion points: Source code files in src/ subsystem directories (SKILL.md).
Boundary markers: None; the agent is instructed to read the entire source.
Capability inventory: File system read and write access to the .claude/skills/ directory (SKILL.md).
Sanitization: No specific sanitization or filtering of source code content is mentioned before interpolation into the summary template.
[DATA_EXPOSURE]: The instructions require the agent to read the complete source code of various subsystems. While this is the intended purpose of the skill, it involves broad access to the project's intellectual property.

regenerating a technical summary of stellar-core