The Agent Skills Directory

Indirect Prompt Injection (HIGH): The skill is highly vulnerable to indirect prompt injection when processing untrusted source code and requirements. Ingestion points: External source code and requirements provided by the user as described in SKILL.md and HOW_TO_USE.md. Boundary markers: None identified; there are no instructions to the agent to ignore or delimit instructions embedded within the processed data. Capability inventory: The skill executes Python tools and generates files based on these untrusted inputs (SKILL.md). Sanitization: None identified.\n- COMMAND_EXECUTION (MEDIUM): SKILL.md and HOW_TO_USE.md describe the use of multiple Python scripts (e.g., test_generator.py, coverage_analyzer.py) in a 'scripts/' directory. These files are missing from the provided skill package, rendering the agent's command execution behavior unverifiable and potentially dangerous.\n- EXTERNAL_DOWNLOADS (LOW): The skill documentation references external package installations (e.g., 'pip install pytest pytest-cov' in references/ci-integration.md). These are from trusted sources and the finding is downgraded per [TRUST-SCOPE-RULE].\n- NO_CODE (LOW): The skill contains no actual executable source files, consisting only of documentation and metadata despite defining complex tool-based workflows.

tdd-guide