The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is instructed to process untrusted code and automatically follow references to external files or modules.
Ingestion points: Untrusted code provided by the user and any files or modules referenced within that code (documented in SKILL.md).
Boundary markers: The skill instructions lack explicit markers or warnings to ignore instructions embedded within the code being explained.
Capability inventory: The instructions direct the agent to read external files and modules, granting it file-system access context (SKILL.md).
Sanitization: No input validation or sanitization of the code content is performed before processing.

explain-code