The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection by ingesting untrusted data from project files to generate documentation. * Ingestion points: The skill reads various project files, including source code (*.go), configuration files (go.mod), and documentation (CLAUDE.md, AGENTS.md), to extract API metadata and business logic. * Boundary markers: The instructions lack explicit boundary markers or directives for the agent to ignore instructions embedded within the source code or comments it parses. * Capability inventory: The skill utilizes powerful tools including Read, Glob, Grep, Bash, Edit, and Write, which allow for broad filesystem access and modification. * Sanitization: There is no evidence of sanitization or escaping of the content extracted from the source code before it is included in the final Markdown output or used to guide the agent's logic.

api-doc-gen