The Agent Skills Directory

[COMMAND_EXECUTION]: The scripts/resolve.py script executes platform-native binaries (webfetch and websearch) using the Python subprocess module. These calls are implemented correctly by passing arguments as a list, which avoids shell interpretation and potential command injection.
[EXTERNAL_DOWNLOADS]: The skill is designed to fetch external content, specifically checking for llms.txt documentation files and retrieving web pages for documentation purposes.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and returns external content from the web to the agent.
Ingestion points: External content retrieved via webfetch and websearch tools in scripts/resolve.py and subsequently returned to the agent context.
Boundary markers (absent): There are no explicit delimiters or specific 'ignore instructions' warnings wrapped around the fetched content to differentiate it from system instructions.
Capability inventory: The skill's primary capability is executing subprocess commands to retrieve data; it does not have file-writing or persistent execution capabilities.
Sanitization (absent): The fetched markdown content is truncated by length but is not sanitized or filtered for malicious instructions before being passed to the agent.

web-doc-resolver