The Agent Skills Directory

[PROMPT_INJECTION]: Indirect prompt injection surface detected. The skill is designed to read and analyze external code files and documentation, which could contain malicious instructions that the agent might inadvertently follow during its review process.\n- Ingestion points: The skill reads files and directories provided via the $ARGUMENTS parameter, as well as context files like CLAUDE.md, README.md, and data documentation (SKILL.md).\n- Boundary markers: The instructions do not specify the use of delimiters or 'ignore' directives to isolate untrusted content from the agent's system instructions (SKILL.md).\n- Capability inventory: The skill has broad file system access, including reading source code, data documentation, and PDF files, and writing new markdown report files to the same directory as the analyzed code (SKILL.md).\n- Sanitization: No validation, sanitization, or filtering of content from the ingested files is mentioned in the instructions.

econ-audit