The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from external documentation and incident reports located in the .chalk/docs/ directory. Malicious instructions placed in these files by an attacker could manipulate the agent's behavior during the runbook creation process.
Ingestion points: Documentation files and architecture guides located in .chalk/docs/engineering/.
Boundary markers: No explicit boundary markers or instructions to ignore embedded commands were identified in the ingestion logic.
Capability inventory: The skill is authorized to use Bash for system inspection and Write for file creation.
Sanitization: There is no evidence of content sanitization or validation for the data ingested from the local file system.
[COMMAND_EXECUTION]: The workflow includes a step to gather operational details by using the Bash tool to inspect service configuration files, deployment scripts, and environment variables. While this is necessary for generating accurate documentation, it represents a powerful capability that allows the agent to programmatically explore the system environment.

create-runbook