skills/involvex/skills/refactor-plan/Gen Agent Trust Hub

refactor-plan

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection via the {{refactor_description}} parameter in SKILL.md.
    * Ingestion points: Untrusted content is ingested through the {{refactor_description}} variable in SKILL.md.
    * Boundary markers: The skill lacks delimiters or protective instructions to isolate the external description from the system instructions.
    * Capability inventory: The skill utilizes codebase search and file reading capabilities to analyze dependencies.
    * Sanitization: There is no evidence of input validation or sanitization for the interpolated data before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 09:57 PM