The Agent Skills Directory

[DATA_EXPOSURE]: The skill accesses local project files about-me.md and voice.md to customize the generated content. This access is standard for context-aware agents and is restricted to the user's project environment, with no evidence of exfiltration to external domains or access to sensitive system credentials.
[INDIRECT_PROMPT_INJECTION]: The skill reads data from potentially untrusted files (about-me.md, voice.md). Ingestion points: Reads in Step 1 and the Rules section. Boundary markers: None identified. Capability inventory: The skill is limited to generating text suggestions and does not have access to tools for command execution, network requests, or file system modifications. Sanitization: None. Although a surface for indirect prompt injection exists, the risk is minimal because the skill lacks the capabilities required to perform harmful actions.

content-matrix