yii2-param-rules
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by processing untrusted user descriptions to generate PHP code snippets.
  - Ingestion points: User-supplied field specifications in interaction with workflows defined in SKILL.md.
  - Boundary markers: No explicit markers or 'ignore' instructions are used for the input data.
  - Capability inventory: The skill is limited to generating static PHP code blocks; it cannot execute the code, perform network requests, or access the file system.
  - Sanitization: No sanitization or escaping of user input is performed before interpolation into the generated code.
  - Assessment: This is a standard code-generation pattern and does not constitute a high risk as the generated output is intended for developer review and is not executed.
- [SAFE]: No other threat patterns, such as obfuscation, credential exposure, or persistence mechanisms, were detected in the skill files.