developer-toolbox

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It performs analysis on untrusted data from the user's environment, such as source code, error logs, and git diffs, which could contain hidden instructions designed to influence the agent's behavior. Ingestion points include source code and stack traces read by agents like code-reviewer, debugger, and commit-helper. The skill has access to file system tools and can execute local development commands via Bash, but it does not define explicit sanitization or boundary markers to isolate processed data from the agent's internal logic.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform common development operations. The build-verifier agent executes cleanup and build commands (rm -rf dist && npm run build), and the commit-helper agent inspects repository state using git diff. These actions are necessary for the skill's functionality but involve executing logic defined within the user's local workspace.
  • [PROMPT_INJECTION]: The agent-first-thinking rule implements a behavioral nudge using assertive instructions to prioritize agent-based automation over manual work, which intentionally modifies the model's default reasoning process.
  • [SAFE]: The author metadata in the skill files (author: 'Jezweb') differs from the vendor context provided in the environment ('evolv3ai'). This is documented as a metadata inconsistency but does not appear to be an impersonation attempt.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 03:49 AM