The Agent Skills Directory

PROMPT_INJECTION (LOW): The file sub-skills/claude-ai-integration-structured-output.md contains an LLM integration pattern that is vulnerable to indirect prompt injection. 1. Ingestion point: The content parameter in the analyze_with_agent function. 2. Boundary markers: Absent; untrusted input is passed directly into the user message content. 3. Capability inventory: The function utilizes the anthropic client to call an LLM and parse the response into structured Pydantic models. 4. Sanitization: Absent; there is no validation or escaping of external content before interpolation.
COMMAND_EXECUTION (LOW): Multiple files, including sub-skills/deployment-commands.md, sub-skills/backend-pytest.md, and sub-skills/frontend-react-testing-library.md, contain shell commands for deployment (gcloud run deploy), environment management (poetry run), and testing. These are standard for the skill's purpose as a project guideline but represent a high-privilege execution surface.
SAFE (SAFE): The sub-skills/environment-variables.md file contains credential patterns like sk-ant-... and eyJ.... These are identified as non-functional placeholders used for documentation purposes and do not represent actual hardcoded secrets.

agent-project-guidelines-example