skills/egorfedorov/slot-casino-game-developer-skills-for-stake-engine/stake-game-developer/Gen Agent Trust Hub
stake-game-developer
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it is designed to ingest and analyze untrusted data from user-provided project directories.
- Ingestion points: The `scripts/audit-checklist.mjs` script recursively walks through a target directory and reads the content of all text-based files (e.g., .md, .js, .json).
- Boundary markers: There are no specific delimiters or instructions provided to the agent to distinguish between the script's output and the potentially malicious instructions contained within the analyzed files.
- Capability inventory: The skill can execute local scripts via Node.js and read any file accessible to the environment. It also provides instructions to the AI based on the audit results.
- Sanitization: The script does not perform sanitization, escaping, or filtering of the content read from the target files before presenting it as context in audit findings.
- [COMMAND_EXECUTION]: The skill executes local Node.js scripts (`validate-books-index.mjs`, `validate-rgs-events.mjs`, and `audit-checklist.mjs`) to perform its primary tasks. These scripts are part of the skill's own package and operate strictly on local file data without making external network requests.