The Agent Skills Directory

[PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by requiring the agent to discover project-specific structures through file system exploration. The agent is instructed to list and read content from directories that may contain untrusted data in a real-world repository (such as src/content/ or src/layouts/). If an attacker places malicious instructions within these project files or filenames, they could potentially influence the agent's behavior during the guidance process.
Ingestion points: src/content/, src/layouts/, src/config/, and src/app/ (via directory listing and file reading tools).
Boundary markers: The skill lacks explicit instructions or delimiters (e.g., XML tags or clear 'ignore embedded instructions' warnings) for the agent when processing these external project files.
Capability inventory: The skill leverages view_file and directory listing capabilities. It also provides guidance on executing pnpm scripts (dev, build, postbuild) and modifying the application structure.
Sanitization: No sanitization, validation, or escaping of the ingested project data is mentioned in the instructions.

nextjs-template-guidance