The Agent Skills Directory

[PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) because it ingests untrusted data from untracked markdown files and uses that content to perform file system operations.
Ingestion points: The skill reads untracked .md files identified via git status in modules/candidate-detection.md.
Boundary markers: Content is extracted based on markdown headers, but the skill lacks explicit instructions for the agent to ignore or delimit embedded instructions within the source files.
Capability inventory: The skill possesses file-read, file-write, and file-delete (unlink) capabilities, as detailed in modules/merge-execution.md.
Sanitization: There is no evidence of sanitization or validation of the ingested content before it is woven into permanent project documentation.
[COMMAND_EXECUTION]: The skill relies on the execution of shell and git commands to identify candidates and manage the file lifecycle.
Evidence: Use of git status --porcelain | grep '^??', find, and unlink operations throughout the module definitions to manage untracked artifacts.

doc-consolidation