analyzing-dotnet-performance

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection Surface: The skill is designed to ingest and analyze untrusted source code provided by users. This creates a surface where instructions embedded in the analyzed code (e.g., in comments or string literals) could influence the agent's behavior during the scan. This surface is common for analysis skills, but it warrants awareness when processing code from unknown sources.
      • Ingestion points: Source code input defined in SKILL.md.
      • Boundary markers: The skill does not currently define explicit delimiters or instructions for the agent to ignore natural language commands embedded within the code it scans.
      • Capability inventory: The skill utilizes shell-based search tools (grep) to locate patterns across the provided codebase.
      • Sanitization: No specific sanitization or filtering of the input source code is defined before processing.
  • Shell Command Utilization: The skill instructions involve executing grep commands with specific patterns to identify performance issues. These commands are statically defined within the skill's reference files and are used for read-only scanning of the target directory, representing a standard approach for this type of audit.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 08:22 AM