react-flow
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses an indirect prompt injection surface due to its analysis and modification of project files.
  - Ingestion points: The skill reads local project files, including TypeScript and JavaScript source code, as part of its discovery workflow (SKILL.md).
  - Boundary markers: There are no instructions in the protocol to use delimiters or ignore instructions embedded in the analyzed code.
  - Capability inventory: The skill allows the agent to modify source code, apply patches, and generate new scaffolded files (SKILL.md).
  - Sanitization: No sanitization or validation of the input source code is specified to filter out potential embedded instructions.
Audit Metadata