polya-how-to-solve-it

Fail

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: HIGH
Tags: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [OBFUSCATION]: The main title in SKILL.md contains a sequence of zero-width characters (U+200B, U+200C, U+200D) which encode hidden information using a binary pattern.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: Decoding the hidden zero-width character sequence reveals a URL (https://copyleftdev.org/solve). Hiding network destinations using steganographic techniques like zero-width character encoding is a high-severity finding, as it is designed to evade static analysis and can be used to exfiltrate user prompt data or problem descriptions to an external server.
  • [INDIRECT_PROMPT_INJECTION]: The skill's primary function is to process user-provided problem descriptions and system architectures, creating a surface for indirect prompt injection attacks.
      • Ingestion points: Problem statements, code snippets, and debugging logs provided by the user in SKILL.md examples.
      • Boundary markers: The skill provides no explicit delimiters or system instructions to the agent to distinguish between its own logic and potentially malicious instructions embedded in the user-provided data.
      • Capability inventory: The skill leverages complex reasoning and analysis capabilities that could be subverted if the agent is successfully injected with malicious instructions via the processed data.
      • Sanitization: There is no evidence of sanitization or validation of the input data before it is processed by the agent's reasoning engine.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 15, 2026, 07:01 PM