Skill: skills/iliaal/ai-skills/md-docs (Gen Agent Trust Hub)

md-docs

Verdict: Warn

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION

Full Analysis
  • [COMMAND_EXECUTION]: The skill contains a dangerous directive in the 'Writing Style' section of SKILL.md which states: 'Verify every command and path against the codebase. Run each command before committing'. This instructs the agent to execute arbitrary shell commands extracted from documentation files (AGENTS.md, README.md), creating a direct path for malicious command execution if those files contain harmful instructions.
  • [PROMPT_INJECTION]: The skill is highly vulnerable to Indirect Prompt Injection. It is designed to read, extract, and obey 'Rules' and 'constraints' from AGENTS.md (as described in SKILL.md under 'Context File Hierarchy' and references/update-agents.md). An attacker who can modify a project's documentation could inject instructions that override the agent's behavior or safety guidelines.
  • [DATA_EXFILTRATION]: The skill performs broad read operations across the project structure, including sensitive configuration files like package.json, pyproject.toml, and .env.example (referenced in references/init-agents.md and references/update-readme.md). When combined with the capability to execute commands for verification, there is a risk of project metadata or environment details being accessed or transmitted.
  • [PROMPT_INJECTION]: The SKILL.md includes instructions to 'Override everything else' when processing rules from the context files. While intended for document structure prioritization, this phrasing can be misinterpreted by the agent as a permission to bypass its own internal instructions in favor of content found in AGENTS.md (Indirect Prompt Injection).
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 2, 2026, 04:45 PM