skill-improver

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface because it is designed to ingest and act upon the content of untrusted SKILL.md files.
    • Ingestion points: The skill reads content from target skill directories using the Read tool (SKILL.md).
    • Boundary markers: Missing. The instructions do not define delimiters or provide warnings to the agent to ignore instructions embedded within the ingested data.
    • Capability inventory: The skill has access to filesystem modification tools (Edit, Write) and task delegation (Task), which could be misdirected by instructions hidden within the files being reviewed.
    • Sanitization: Missing. The skill does not perform any validation or escaping of the content it reads before processing it.
  • [EXTERNAL_DOWNLOADS]: The documentation references an external plugin provided by the developer's own infrastructure.
    • Evidence: "If missing, install from the Trail of Bits plugin repository."
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 01:46 PM