techdebt
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes content from untrusted codebases, which could contain malicious instructions.
  * Ingestion points: Source code files within the user's project directory (e.g., src/ and module paths).
  * Boundary markers: The skill does not implement delimiters or safety instructions to prevent the agent from following prompts embedded in audited code.
  * Capability inventory: The skill can read files, write/edit files, and execute shell commands for verification.
  * Sanitization: No sanitization or validation of the ingested code content is specified.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute commands from the codebase being audited, which could result in executing malicious test suites or build scripts.
  * Evidence: Step 4 of the process in SKILL.md explicitly directs the agent to 'run tests or at minimum confirm the change compiles/lints'.
Audit Metadata