agentic-learning

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection (Category 8). It is designed to read and process untrusted data from the user's current codebase, including source code, documentation, and configuration files, to generate summaries, quizzes, and learning plans. This data is then interpolated into the agent's context without specific protections against embedded malicious instructions.
  • Ingestion points: Project files including READMEs, source code (entry points and modules), test files, and configuration files (identified in the explain, quiz, and learn actions).
  • Boundary markers: Absent. The instructions do not mandate the use of delimiters or explicit warnings for the agent to ignore instructions found within the ingested file content.
  • Capability inventory: The skill has significant file-system capabilities, including reading any file in the project context and writing/appending to various files within a docs/ subdirectory (docs/revisit.md, docs/brainstorm/, docs/decisions/, and docs/project-knowledge.md). It does not have network access or arbitrary subprocess execution tools.
  • Sanitization: No sanitization, escaping, or validation logic is specified for the content read from the filesystem before it is summarized or presented to the user.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 04:46 PM