typescript-security-review

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill has an inherent attack surface for indirect prompt injection because it processes untrusted source code through the agent's context.
    • Ingestion points: The skill ingests project files using the Read, Grep, and Glob tools for security analysis.
    • Boundary markers: The skill's instructions define no delimiters around ingested content and do not tell the agent to disregard commands or instructions embedded in the code comments or strings of the files being reviewed.
    • Capability inventory: The agent has access to Bash (arbitrary command execution), Edit (file modification), and Read, providing a potential exploit path if the agent is deceived by injected content.
    • Sanitization: There is no evidence of sanitization or filtering of the ingested code content before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform security-related tasks such as running npm audit or other security scanners. This is a documented and necessary component of the skill's auditing functionality.
  • [EXTERNAL_DOWNLOADS]: The skill references well-known technology services and repositories, including the npm registry and Snyk, for vulnerability scanning and dependency auditing. These external references are documented neutrally as they originate from trusted industry sources.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 28, 2026, 09:53 PM