technical-writer

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted external data (project documentation, API specs, and runbooks).
      • Ingestion points: The skill uses the Read tool to scan files like README.md, the docs/ directory, and architecture decision records.
      • Boundary markers: The instructions do not define clear delimiters or 'ignore' instructions for the content being processed.
      • Capability inventory: The skill has Read, Write, Edit, and Bash capabilities (restricted to documentation build tools).
      • Sanitization: No explicit sanitization or validation of input content is mentioned before it is processed or used to generate new documentation.
  • [COMMAND_EXECUTION]: The skill requests Bash access for specific documentation tools including npm run docs:*, mkdocs:*, and docusaurus:*. While restricted to these patterns, this capability could be exploited if a project's configuration (e.g., package.json or mkdocs.yml) is maliciously crafted to execute arbitrary code during a build process.
  • [SAFE]: The provided validation script (scripts/validate-docs.sh) was analyzed and found to perform benign local file checks, such as verifying link integrity and searching for required documentation sections using standard utilities like grep and find.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 09:37 PM