oma-qa

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted code files for auditing. It lacks explicit instructions to treat code as passive data or use boundary markers to prevent the agent from obeying instructions embedded in the analyzed files.
      • Ingestion points: Codebase files are analyzed using Serena MCP tools such as get_symbols_overview and search_for_pattern as described in resources/execution-protocol.md.
      • Boundary markers: Absent. No specific delimiters or safety warnings are provided to separate the skill's instructions from the data being audited.
      • Capability inventory: The skill has access to local CLI tools (npm audit, bandit, lighthouse), file search capabilities, and the Antigravity Browser for testing.
      • Sanitization: Absent. The skill does not implement validation or escaping of the external code content before processing it.
  • [COMMAND_EXECUTION]: The skill requires the execution of local auditing tools to fulfill its primary purpose.
      • Evidence: Rules in SKILL.md and the checklist in resources/checklist.md specify running commands like npm audit, bandit, and lighthouse.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 09:36 PM