detecting-sql-injection-vulnerabilities

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection because it processes untrusted source code that may contain malicious instructions.
      ◦ Ingestion points: The agent reads application source code from the local filesystem using tools like Read, Grep, and Glob.
      ◦ Boundary markers: There are no instructions to use delimiters or ignore-previous-instructions markers when reading external files.
      ◦ Capability inventory: The skill is permitted to write report files and execute system commands via the Bash tool.
      ◦ Sanitization: No sanitization steps are defined for the input source code before it is interpreted by the agent.
  • [COMMAND_EXECUTION]: The skill is configured with permissions to execute bash commands, specifically for scanning and security testing purposes.
      ◦ Evidence: The configuration defines 'allowed-tools' including 'Bash(code-scan:)' and 'Bash(security-test:)'.
      ◦ Context: This functionality is intended to run local scripts to automate vulnerability detection.
  • [NO_CODE]: Several scripts described as bundled resources are missing from the provided skill files.
      ◦ Evidence: The files 'sqli_scan.py', 'sqli_exploit.py', and 'sqli_remediate.py' are referenced in 'scripts/README.md' but the script contents are not included in the package.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 11:20 AM