sarif-issue-reporter
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process SARIF files, which contain snippets of code and messages from external security scanners. This creates a surface for indirect prompt injection where a malicious file could include instructions to manipulate the agent's output.
  - Ingestion points: Reads SARIF file data from the path provided in $ARGUMENTS, specifically parsing the runs[].results[] array which includes code snippets and tool-generated messages from the scanned project.
  - Boundary markers: The instructions lack explicit delimiters or 'ignore' instructions to prevent the model from following commands embedded within the SARIF content.
  - Capability inventory: The skill is tasked with generating 'exploitation scenarios,' 'PoCs,' and 'remediation code.' A successful injection could influence the generated security advice or lead to the generation of malicious code fixes.
  - Sanitization: There is no mention of sanitizing or validating the contents of the SARIF file before the agent processes and interprets it.
- Unverifiable Script Execution (SAFE): The README.md and SKILL.md refer to a helper script (scripts/sarif_helper.py) and provide instructions for its execution. While the script's source code was not provided in the analyzed files, the documentation describes it as a utility for parsing and filtering SARIF data, which is consistent with the skill's stated purpose.