repo-research-analyst
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as its primary function involves reading and summarizing untrusted data from external repositories, including source code, issue trackers, and documentation.
- Ingestion points: The skill uses file-reading and content-searching tools (Glob, Grep, Read) to process arbitrary files within a repository (SKILL.md).
- Boundary markers: The instructions do not define clear delimiters or "ignore previous instructions" safety markers for the content being analyzed.
- Capability inventory: The agent has access to the file system via multiple tools and the capability to execute shell commands (SKILL.md).
- Sanitization: No sanitization or validation of the ingested repository content is performed before processing, allowing potential instructions in the source code to influence agent behavior.
- [COMMAND_EXECUTION]: The skill instructs the agent to use the shell to execute ast-grep and other commands when no native tool equivalent exists. While scoped to the research task, this provides a mechanism for command execution within the environment (SKILL.md).