cook-auto-fast
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data through the $ARGUMENTS variable and output from the scout subagent. It lacks sanitization or instructions to ignore embedded commands, creating a surface for attackers to influence agent behavior.
  * Ingestion points: $ARGUMENTS and scouted codebase files.
  * Boundary markers: Uses XML-style tags but provides no 'ignore' instructions for the content.
  * Capability inventory: Can activate other skills in .claude/skills/* and execute /code commands.
  * Sanitization: None detected.
- [Command Execution] (LOW): The workflow utilizes the /code command with the explicit flag 'skip code review step', which bypasses a standard safety mechanism intended to prevent the execution of malicious or erroneous code.
- [Metadata Poisoning] (LOW): The skill's description promotes a 'trust me bro' and 'No research' philosophy. This encourages the agent to skip standard verification protocols and decreases the overall security posture by favoring speed over correctness.
Audit Metadata