code-repair-generation-combo

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from users.
    • Ingestion points: The workflow in SKILL.md involves reading user-provided buggy code, natural language descriptions, failing test cases, and error messages.
    • Boundary markers: There are no specified delimiters or instructions to ignore embedded commands within the user-provided code or descriptions.
    • Capability inventory: The skill utilizes the Edit tool for file modification and the Bash tool for command execution (pytest, mvn, gradle, and binary execution).
    • Sanitization: The workflow does not describe any sanitization or validation of the user-provided inputs before they are analyzed or executed.
  • [COMMAND_EXECUTION]: The skill explicitly instructs the agent to execute code provided or influenced by the user.
    • Evidence: SKILL.md includes instructions to run `pytest test_file.py -v`, `mvn test`, `gradle test`, and `./test_executable` via a Bash tool.
    • Risk: If a user provides code that contains malicious side effects (e.g., system calls embedded in a C++ test or Python script), the agent will execute them as part of its "verification" step.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 10:20 PM