agent-development

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION

Full Analysis
  • [Prompt Injection] (LOW): Indirect prompt injection vulnerability surface. The skill provides instructions for building agents that ingest untrusted data from the local environment.
    • Ingestion points: The prompts in examples/agent-creation-prompt.md and references/agent-creation-system-prompt.md instruct the agent to read and analyze user code and project-specific files such as CLAUDE.md.
    • Boundary markers: The design patterns in references/system-prompt-design.md do not include instructions for using delimiters or warnings to ignore instructions found within processed data.
    • Capability inventory: Recommended tools for the generated agents include Read, Write, Grep, and Glob, which can be exploited if an agent is successfully injected.
    • Sanitization: There are no provisions for sanitizing or escaping content retrieved from the filesystem before it is interpolated into the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:19 PM