NYC

physics-rendering-expert

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill manifest grants the agent high-privilege tools (Bash, Write, Edit) alongside web-search and fetching capabilities (Firecrawl, WebFetch). This combination creates an indirect prompt injection surface: instructions embedded in untrusted web content could steer the agent into executing malicious commands.
    • Ingestion points: mcp__firecrawl__firecrawl_search and WebFetch, used for data retrieval.
    • Boundary markers: the skill instructions do not explicitly separate untrusted fetched data from the reasoning context.
    • Capability inventory: Bash (shell access), Write (filesystem access), Edit (filesystem modification).
    • Sanitization: no explicit sanitization or validation protocol is described for content retrieved via WebFetch.
  • [Remote Code Execution] (SAFE): No remote scripts or unverified dependencies are downloaded or executed. The code snippets provided are illustrative C++ implementations for physics logic.
  • [Data Exposure & Exfiltration] (SAFE): No sensitive file paths, hardcoded credentials, or suspicious exfiltration endpoints were identified.
  • [Obfuscation] (SAFE): No attempts to hide code using Base64, zero-width characters, or homoglyphs were detected. The use of HTML entities in the changelog is standard for MDX compatibility.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:55 PM