Academic Skill Eval Team
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process content from external sources (other SKILL.md files, manifest.json, etc.) for evaluation. While this creates an inherent surface for indirect prompt injection if the content being analyzed contains malicious instructions, this behavior is central to the skill's stated purpose of auditing.
  - Evidence of ingestion: Step 1 and Step 2 detail identifying and collecting evidence from repository files such as manifest.json and SKILL.md.
  - Capability inventory: The skill has access to the 'bash' tool and file system to read project contents.
  - Sanitization: The instructions emphasize basing judgment strictly on repository evidence and distinguish between different types of issues (Step 2).
- [COMMAND_EXECUTION]: The skill configuration specifies 'bash' in its allowed-tools list. The instructions describe using the tool to collect evaluation evidence from the local repository (e.g., checking manifest.json, README.md, and examples). This is a standard and expected use of local shell tools for repository-based analysis and does not involve arbitrary or dangerous command construction.
Audit Metadata