stitch-a11y
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted data from local component files where malicious instructions could be embedded.
  - Ingestion points: Source code files (.tsx, .svelte) discovered via the find command in the project directory as specified in SKILL.md.
  - Boundary markers: Absent. The instructions do not provide delimiters or warnings to ignore instructions found within the processed file content.
  - Capability inventory: The skill has access to Read, Write, and Bash tools, providing a surface where injected instructions could potentially trigger file system modifications.
  - Sanitization: Absent. File contents are processed as plain text without validation or sanitization before being analyzed for accessibility fixes.
Audit Metadata