prompt-injection

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill contains various strings associated with prompt injection (e.g., 'ignore previous instructions', 'reveal your system prompt'). These instances are included strictly as descriptive examples within an educational framework and do not constitute an attempt to override the agent's own behavior or instructions.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to process external content (target files or directories) specified via the $ARGUMENTS variable. This ingestion of untrusted data represents a known attack surface for indirect prompt injection.
      • Ingestion points: Files and directories specified in $ARGUMENTS and accessed via the Read, Grep, and Glob tools.
      • Boundary markers: No explicit delimiters or boundary markers are used to separate the instructions from the file content being reviewed.
      • Capability inventory: The skill is restricted to file system read access using Read, Grep, and Glob. It does not have network access or arbitrary code execution capabilities.
      • Sanitization: There is no sanitization or filtering applied to the content of the files read during the assessment process.
  • [METADATA_POISONING]: All metadata fields (name, description, tags, author) accurately reflect the skill's instructional purpose for security auditing and do not contain deceptive instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 4, 2026, 02:07 AM
Security Audit — agent-trust-hub — prompt-injection