background-researcher-agent

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core function is ingesting and synthesizing information from untrusted external web sources.
      ◦ Ingestion points: The agent is instructed to read content from technical blogs, GitHub repositories, and Stack Overflow (SKILL.md).
      ◦ Boundary markers: Absent. There are no instructions to use delimiters or to disregard embedded directives within the gathered research data.
      ◦ Capability inventory: The agent has file system access via shell commands and internal RAG search tools.
      ◦ Sanitization: Absent. External findings are synthesized directly into actionable research reports and implementation guides.
  • [COMMAND_EXECUTION]: The skill includes instructions to execute shell commands for codebase analysis, which could lead to unintended data exposure.
      ◦ Evidence: The protocol suggests using cat config/*.yaml | head -50 to review configuration patterns. While functional for research, this command could expose hardcoded credentials or sensitive environment details if they are stored within YAML configuration files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 11:08 AM