The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted data from project configuration files and external skill definitions. Ingestion points: Reads package.json, go.mod, CLAUDE.md, .cursorrules, and globbed SKILL.md files from both project and user-level directories. Boundary markers: No delimiters or 'ignore' instructions are used during file ingestion to prevent the agent from following instructions embedded in those files. Capability inventory: The skill can write to the project file system (creating directories and config files) and use the mem_save tool to persist data. Sanitization: External content is incorporated into summaries and registries without validation or escaping.

sdd-init