command-development

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface.
      • Ingestion points: Multiple examples in examples/simple-commands.md (e.g., document.md, quick-fix.md, research.md) ingest untrusted data via positional arguments $1, $ARGUMENTS, or file references @$1.
      • Boundary markers: The provided command templates generally lack explicit delimiters (like triple backticks or XML tags) or system instructions to ignore embedded commands within the ingested data.
      • Capability inventory: The skill patterns demonstrate the use of powerful tools including Read, Grep, and Bash (specifically git, npm, kubectl, and gh). If a file being processed contains malicious instructions, the agent might be persuaded to execute unauthorized tool calls within the allowed-tools scope.
      • Sanitization: The skill does not provide examples of input sanitization or validation for the content of processed files or arguments.
  • [COMMAND_EXECUTION] (SAFE): While the skill documents the use of the Bash tool, it correctly emphasizes the use of command filters (e.g., Bash(git:*)) to limit tool scope as a best practice, reducing the risk of arbitrary command execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:06 PM