socratic-code-owner
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and analyzes external, untrusted data such as code diffs, pull request descriptions, and planning documents. An attacker could embed instructions in these files to hijack the agent's behavior during the session. Evidence found in SKILL.md under 'Phase 1 — Analyze & Identify'. Mandatory evidence: ingestion points are the codebase context and git history; boundary markers are absent; the capability inventory includes reading local files and logs; sanitization is not explicitly defined in the instructions.
- [EXTERNAL_DOWNLOADS]: The skill performs an automated version check by fetching a metadata file from the author's GitHub repository. This is a standard vendor-provided update mechanism. Evidence: fetching 'https://raw.githubusercontent.com/abpai/skills/main/versions.json' as described in the 'Update Check' section of SKILL.md.
- [DATA_EXFILTRATION]: The skill accesses sensitive local context including git history, configuration files, and internal architectural documentation to generate quiz topics. While required for functionality, this provides broad access to the developer's environment. Evidence: accessing 'git log', 'config files', and 'CLAUDE.md' in the 'Analyze & Identify' section of SKILL.md.
- [COMMAND_EXECUTION]: The skill requires the execution of shell commands such as 'git diff' and 'git log' to gather the necessary context for the Socratic briefing. Evidence: shell command references in the 'Phase 1 — Analyze & Identify' section of SKILL.md.
Audit Metadata