The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill provides templates (e.g., project-context-template.md) that interpolate user-provided data into shell command blocks such as {MINIMAL_SETUP_COMMANDS}. This creates an attack surface where a malicious user could inject arbitrary commands into the generated documentation. 1. Ingestion points: Data gathered for placeholders during the workflow phase in SKILL.md. 2. Boundary markers: Absent in the templates; no instructions provided to the agent to ignore embedded instructions in input data. 3. Capability inventory: The skill specifies allowed tools as Read, Write, Bash, and Glob. 4. Sanitization: No sanitization or validation logic is present to filter or escape the interpolated content.

project-scaffolder