Deep Agents Core
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill describes an architecture susceptible to indirect prompt injection. Ingestion points: the SkillsMiddleware and FilesystemBackend load content from external skill directories and local files (SKILL.md). Boundary markers: no delimiters or explicit instructions to ignore embedded commands are present in the provided configuration examples. Capability inventory: the framework includes powerful tools such as write_file, edit_file, and a task tool for spawning subagents. Sanitization: the documentation does not specify methods for sanitizing or validating the content of loaded skills before they are processed by the agent.
- [COMMAND_EXECUTION]: The framework provides built-in tools for local filesystem manipulation, including ls, read_file, write_file, edit_file, glob, and grep. The examples configure a FilesystemBackend with a root_dir of ".", which grants the agent authority to read and modify any file within the current working directory based on potentially untrusted input.
Audit Metadata