opencode-agents

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE | Findings: PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is a legitimate configuration utility designed to help users set up custom AI assistants. All templates and instructions provided in SKILL.md and assets/templates/ are consistent with their stated purpose and do not contain hidden malicious commands or unauthorized network operations.
  • [PROMPT_INJECTION]: The skill facilitates the creation of agents that ingest external data (e.g., codebase contents via grep or web content via webfetch). This structural design introduces a surface for indirect prompt injection, where malicious instructions in analyzed files could attempt to influence subagent behavior.
    1. Ingestion points: Data is ingested via the read, grep, git diff, and webfetch tools defined in templates like security-auditor.json.
    2. Boundary markers: The provided system prompts (e.g., security-auditor.txt) do not currently include explicit delimiters or safety instructions to disregard embedded commands in external data.
    3. Capability inventory: Configured agents have access to file reading, web fetching, and restricted bash command execution.
    4. Sanitization: No sanitization logic for external inputs is present in the provided templates.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 02:17 AM