k-mechanic (skills/falkicon/mechanic/k-mechanic)

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and process external content from World of Warcraft environment files and addon outputs.
    • Ingestion points: addon.output, sv.parse, sv.discover, and api.search (defined in cli-commands.md). These functions read data from external files and logs that can be influenced by third-party addon code.
    • Boundary markers: None identified in the provided skill documentation or tool descriptions.
    • Capability inventory: The mech call interface (documented in cli-commands.md) allows execution of subprocesses for linting, testing, formatting, and git operations. The lua.queue and sandbox.exec commands allow for code execution either in-game or in a local sandbox.
    • Sanitization: There is no evidence of sanitization or instruction-stripping for data returned via addon.output or sv.parse.
  • [Command Execution] (HIGH): The mech CLI tool, as described in cli-commands.md, provides a direct bridge for the agent to execute shell commands.
    • Evidence: Commands like mech call release.all chain multiple operations including git.commit and git.tag. Other commands wrap luacheck, stylua, and busted tests. If an agent is misled by injected instructions in the data it is processing, it could use these tools to perform unauthorized file modifications or code commits.
  • [Data Exposure] (LOW): The skill provides capabilities to read arbitrary files via system.pick_file and parse WoW-specific data structures (sv.parse). While these are legitimate developer features, they provide the agent with access to potentially sensitive local configuration files if misdirected.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:36 PM