NYC

refactoring

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection (LOW): The skill is designed to process external code files, which serve as an ingestion point for untrusted data. If the files being refactored contain hidden instructions, the agent might follow them because it lacks explicit boundary markers or sanitization logic.
      • Ingestion points: Uses Read, Grep, and Glob to process user-controlled code files and internal documentation.
      • Boundary markers: Absent. The instructions do not define specific delimiters to distinguish between code content and agent instructions.
      • Capability inventory: Access to high-privilege tools, including Bash, Write, and Edit, which could be exploited if an indirect injection occurs.
      • Sanitization: Absent. No evidence of input validation or escaping for the code content being processed.
  • Command Execution (SAFE): The skill includes Bash in its allowed-tools. However, the instructions focus on benign use cases like searching with Grep and managing tasks. No malicious commands or unauthorized network operations were detected.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:25 PM