project-onboarding

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads untrusted data from local project files (e.g., package.json, Makefile) and incorporates it into the PROJECT.md file, which the agent uses as context.
      ◦ Ingestion points: onboard.py reads strings from configuration files (lines 104, 117).
      ◦ Boundary markers: Absent in the generated PROJECT.md.
      ◦ Capability inventory: File-write access to the local project directory and state directory.
      ◦ Sanitization: None.
  • [SAFE]: The skill performs its intended function using standard file system operations and does not attempt network access, credential theft, or privilege escalation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 05:55 AM