devsec-saving-report

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE; flagged categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted security artifacts and utilizes a Write tool to save them.
      1. Ingestion points: Artifacts provided by the user or generated in-session (SKILL.md).
      2. Boundary markers: No delimiters or protective instructions are defined for the input data.
      3. Capability inventory: Filesystem write access via the Write tool (SKILL.md).
      4. Sanitization: No automated content or path sanitization is present, relying instead on user confirmation.
  • [COMMAND_EXECUTION]: The skill facilitates filesystem interaction through the Write tool. It accepts various path formats including absolute and home-relative paths (~/). Safety is addressed by requiring the agent to display the resolved path and obtain user consent before execution.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 17, 2026, 03:19 PM