The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes SARIF (Static Analysis Results Interchange Format) files which are typically generated by external, potentially untrusted, static analysis tools. This creates a surface for indirect prompt injection where an attacker could embed malicious instructions within SARIF fields like result messages or rule descriptions to influence the agent's behavior during analysis.
Ingestion points: Untrusted data enters the agent context through file reading operations described in Strategy 1-5 of SKILL.md and implemented in the load_sarif and extract_findings functions of resources/sarif_helpers.py.
Boundary markers: The skill does not implement or recommend the use of boundary markers or "ignore embedded instructions" warnings when interpolating SARIF data into the agent's context.
Capability inventory: The skill utilizes capabilities including file system access (read/write operations in resources/sarif_helpers.py) and shell command execution via the Bash tool used for jq and sarif-tools CLI operations.
Sanitization: While the normalize_path function in resources/sarif_helpers.py provides some validation for file paths, the skill lacks mechanisms to sanitize or filter natural language content from the SARIF files before processing.
[EXTERNAL_DOWNLOADS]: The documentation references and suggests the installation of several well-known third-party libraries and tools for handling SARIF data. This includes Python packages like pysarif, sarif-tools, ijson, and jsonschema, as well as the ajv-cli Node.js package and system utilities like jq. These resources are sourced from official registries or well-known organizations.

sarif-parsing