application-performance-performance-optimization

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to the unsafe interpolation of user-controlled data into subagent prompts.
      • Ingestion points: User input via the $ARGUMENTS variable is used across all sub-skill files (e.g., 1-comprehensive-performance-profiling.md, 11-performance-regression-testing.md).
      • Boundary markers: Absent. The prompts do not use delimiters or explicit instructions for the subagent to ignore commands embedded within the input data.
      • Capability inventory: The subagents targeted by these prompts have significant capabilities, including modifying CI/CD pipelines (sub-skills/11), deploying edge functions (sub-skills/8), and altering database configurations (sub-skills/4).
      • Sanitization: Absent. No evidence of escaping or validation of the $ARGUMENTS string before it enters the subagent's context.
  • [COMMAND_EXECUTION] (SAFE): The skill orchestrates high-privilege operations including infrastructure changes and automation updates.
      • Evidence: sub-skills/11-performance-regression-testing.md instructs the subagent to "integrate with CI/CD pipeline using GitHub Actions".
      • Context: While these actions carry inherent risk, they are essential to the skill's primary purpose of "application performance optimization" and are documented in the workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 10:28 AM