NYC

qc-specialist

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE · PROMPT_INJECTION · NO_CODE
Full Analysis
  • Prompt Injection (LOW): The skill has a surface for indirect prompt injection due to how it handles external data.
      • Ingestion points: The skill reads external artifacts and pull request data when executing the /quality-gate command.
      • Boundary markers: No delimiters or instructions are provided to help the agent distinguish between the skill's system instructions and potential instructions embedded within the artifacts being reviewed.
      • Capability inventory: The agent is granted tools like Write and TodoWrite, which could be misused if the agent is successfully injected.
      • Sanitization: There is no evidence of sanitization or filtering for the data ingested from the file system.
  • No Code (SAFE): The skill is composed entirely of markdown instructions and metadata. It does not include any scripts, binaries, or remote code patterns, which minimizes the direct execution risk.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:26 PM