loom-testing

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it is designed to ingest and process untrusted data from a project environment without explicit isolation or validation mechanisms.
    * Ingestion points: The skill instructions direct the agent to analyze public interfaces, APIs, and dependencies within a codebase, and to review data quality and pipeline fixtures (SKILL.md).
    * Boundary markers: There are no instructions provided to use delimiters or protective labeling to separate external code or data from the agent's core instructions, nor are there warnings to ignore potentially malicious directives embedded in those files.
    * Capability inventory: The skill configuration includes access to tools with significant system impact, including Read, Grep, Glob, Edit, Write, and Bash (SKILL.md).
    * Sanitization: No procedures are defined for sanitizing or validating the content of analyzed files before the agent processes them.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 12:43 AM