cc-size-check
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes content from project source files (Java, Go, Vue, Python, etc.) and subsequently performs sensitive actions like file modifications and shell command execution based on that context.
- Ingestion points: Full project scans and single-file reads defined in SKILL.md under the '执行流程' (execution flow) sections.
- Boundary markers: None identified in the instructions to separate code content from instructions.
- Capability inventory: Reading files, writing files (refactoring/splitting), and executing shell commands (test runners).
- Sanitization: No sanitization of file content is specified before the agent processes the logic contained within.
- [COMMAND_EXECUTION]: During the verification phase, the skill automatically detects and executes test commands such as npm test, go test, or pytest based on the project's environment. While this is standard for development tools, the autonomous nature of these commands depends on the integrity of the local project configuration files (e.g., package.json, Makefile) which are considered untrusted inputs.
Audit Metadata