skills/gsd-build/gsd-2/code-optimizer/Gen Agent Trust Hub

code-optimizer

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it is designed to ingest and process untrusted data from external codebases.
    • Ingestion points: The skill workflow in SKILL.md explicitly directs agents to scan the user's codebase using Grep and Glob and subsequently read 5-10 lines of context around findings to be included in reports.
    • Boundary markers: The agent prompt template and the consolidation logic lack delimiters (such as XML tags or triple backticks) or explicit instructions to the AI to ignore any natural language commands found within the ingested code snippets.
    • Capability inventory: The skill utilizes the Agent tool to spawn 13 parallel sub-agents and has access to filesystem search and read tools, creating a significant impact surface if an agent is successfully hijacked via injected instructions in a source file.
    • Sanitization: No sanitization, escaping, or filtering is performed on the code snippets before they are interpolated into the sub-agent prompts or the final consolidated optimization report.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 22, 2026, 11:49 AM