skills/ashe-li/agent-skills/assist/Gen Agent Trust Hub

assist

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface (Category 8) by ingesting untrusted data from the local environment and passing it to other agents within its pipeline.
      • Ingestion points: Reads git status, git diff, git log, package.json, go.mod, requirements.txt, and project file listings via ls -la in SKILL.md.
      • Boundary markers: Absent. The handoff protocol and internal prompts do not include delimiters or specific instructions to ignore embedded commands within the ingested data.
      • Capability inventory: The skill utilizes Bash, Edit, Write, and Agent (handoff) tools, allowing it to execute commands or modify files based on potentially poisoned context.
      • Sanitization: No evidence of sanitization, escaping, or validation of external content before interpolation into the agent handoff context.
  • [COMMAND_EXECUTION]: The skill executes shell commands to inspect the project state and perform build checks.
      • Evidence: Running npm run build, go build, and python -m py_compile based on detected project language. While standard for development, these scripts are user-controlled and part of the command execution surface.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 10:12 PM