The Agent Skills Directory

PROMPT_INJECTION (MEDIUM): The skill is susceptible to Indirect Prompt Injection because its primary function is to ingest and process content from untrusted external sources (the project codebase being analyzed). Ingestion points: The skill uses list_directory, glob, and a codebase_investigator tool to read any file within the target project directory (SKILL.md, Workflow steps 1-6). Boundary markers: Absent. There are no instructions to delimit codebase content or ignore embedded instructions found within analyzed files. Capability inventory: The agent can read all files in the project and write findings to a local file PROJECT_SUMMARY.md (SKILL.md, Step 11). Sanitization: Absent. The skill does not provide mechanisms to sanitize or escape content extracted from the codebase before including it in the summary or processing it.
DATA_EXFILTRATION (LOW): While no network calls are explicitly defined, the broad search patterns for configuration and environment files (e.g., .env, package.json) could lead to the exposure of hardcoded secrets or sensitive architectural metadata in the final report output generated by the agent.

project-analyzer