add-doc

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a hardcoded shell command, deno task build, within the /home/yodai/thanks-card-docs directory to regenerate the project index.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes untrusted HTML files and URL content to automatically generate metadata and update skill configurations.
    • Ingestion points: Processes local file paths (inside or outside the repository) and external URL content provided via the paths argument.
    • Boundary markers: Absent. The instructions do not specify any delimiters or safety markers to prevent the agent from following instructions embedded within the ingested documents.
    • Capability inventory: Includes file system access (Read), JSON/Markdown editing (Edit), and shell command execution (deno task build).
    • Sanitization: No sanitization or validation logic is defined for the content extracted from HTML files or URLs before it is used for decision-making or metadata estimation.
  • [DATA_EXFILTRATION]: The skill instructions explicitly allow reading files from arbitrary locations outside the repository. This creates a risk of sensitive data exposure if the agent is directed to process system configuration or credential files as if they were HTML documents.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 05:09 AM