The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it reads and summarizes content from the local codebase and git history to generate documentation and specifications.\n- Ingestion points: Reads files and git logs in 'commands/doc.md', 'commands/spec.md', and 'commands/end.md'.\n- Boundary markers: Uses Markdown headers and YAML frontmatter to structure data.\n- Capability inventory: Includes permissions to 'Write', 'Edit', and execute 'Bash' commands (git, mkdir, rm).\n- Sanitization: Implements specific logic to strip '../' and special characters from user-provided topics in 'commands/doc.md', 'commands/review.md', and 'commands/spec.md' to prevent path traversal.\n- [COMMAND_EXECUTION]: Utilizes 'git' via 'Bash(git:*)' for session tracking, context retrieval, and history synthesis.\n- [COMMAND_EXECUTION]: Instructions in 'commands/spec.md' attempt to execute an external utility 'forge' to register specifications, although this tool is not explicitly whitelisted in the skill's allowed bash commands metadata.\n- [PROMPT_INJECTION]: Metadata poisoning risk identified due to a discrepancy between the author field in 'SKILL.md' ('vieko') and the platform-provided author context ('andreadellacorte').

bonfire