multi-agent-ai-projects

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface. The skill mandates that the agent's first action should be reading and following the STATUS.md file. This ingestion of untrusted external data without sanitization or boundary markers creates a surface for attackers to influence agent behavior.
    ◦ Ingestion points: STATUS.md, .spec/STATUS.md, PLAN.md, README.md (specified in workflow patterns).
    ◦ Boundary markers: Absent. No delimiters or warnings are provided to prevent the agent from obeying instructions embedded in these data files.
    ◦ Capability inventory: The skill describes the use of uv run python for code execution and uv sync for dependency installation, which could be leveraged if the agent is misled by injected instructions.
    ◦ Sanitization: Absent. No validation or escaping of the content from the project files is mentioned.
  • SAFE (SAFE): No malicious patterns, obfuscation, or data exfiltration attempts were detected. The instructions follow security best practices by advising that .env files containing API keys must be gitignored and never committed.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 18, 2026, 02:47 PM