detecting-sql-injection-vulnerabilities

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is built to ingest and analyze untrusted application source code as its main input. This creates an indirect prompt injection surface where a malicious actor could place instructions inside code comments or string literals to influence the agent's behavior.
      • Ingestion points: Application source code files identified in ${CLAUDE_SKILL_DIR}/ via search tools.
      • Boundary markers: Absent; there are no specified delimiters or warnings to ignore instructions within the analyzed code.
      • Capability inventory: The skill has access to Bash (security-test), Write, and Edit tools.
      • Sanitization: Not specified for the content extracted from the source files before it is processed or reported.
  • [COMMAND_EXECUTION]: The skill is configured to use Bash for vulnerability scanning and verification. It includes a JSON library of SQL injection payloads, some of which are destructive (e.g., DROP TABLE). While consistent with a security testing use case, these pose a risk of accidental data loss if the agent attempts to verify vulnerabilities against a production or sensitive database environment without explicit human oversight.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 04:45 PM