The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill processes untrusted user input from conversation history to suggest behavior updates. * Ingestion points: Conversation history and tool usage logs. * Boundary markers: Absent; the instructions do not include delimiters to separate data from instructions. * Capability inventory: Proposes modifications to skill definitions and project configuration files (CLAUDE.md). * Sanitization: Mitigated by a mandatory user confirmation step before any changes are applied.

reflection