recommend
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill analyzes untrusted data from the $ARGUMENTS variable. Evidence Chain:
  1. Ingestion points: $ARGUMENTS in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Read, Grep, and Glob tools used on repository files and documentation paths.
  4. Sanitization: Absent.

  This constitutes a surface for indirect prompt injection, though the impact is limited by the read-only nature of the tools.
- [EXTERNAL_DOWNLOADS]: The skill references documentation on the official es-toolkit.dev domain. This is a well-known and expected service reference for this library and does not pose a security risk.
Audit Metadata