Alex Bootstrap Learning Skill

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection.
    - Ingestion points: The skill processes untrusted user-provided domains, topics, and external content such as codebases for conversational learning (SKILL.md).
    - Boundary markers: No boundary markers, delimiters, or instructions to ignore embedded commands are used to separate learning data from instructions.
    - Capability inventory: The skill possesses the capability to write new markdown configuration files to the filesystem (skills/*/SKILL.md) (SKILL.md).
    - Sanitization: There is no evidence of sanitization, escaping, or validation of the ingested content before it is used to generate and save new skill files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 03:54 AM