The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill processes data from the catalog/ directory to facilitate pattern selection. This architecture creates an attack surface where instructions embedded in catalog files could override the agent's logic. Ingestion points: The agent reads catalog/index.json, catalog/features/*.yaml, and catalog/patterns/*.yaml using Glob and Read tools. Boundary markers: Absent; the instructions do not provide delimiters or warnings to ignore instructions found within the ingested content. Capability inventory: The skill uses Read, Glob, and Grep tools to provide architectural guidance and implementation templates. It does not possess direct execution or network capabilities. Sanitization: Absent; the skill does not include logic to validate or escape content retrieved from the catalog files.

vsa-pattern-selector