skills/jeremylongshore/claude-code-plugins-plus-skills/finding-security-misconfigurations/Gen Agent Trust Hub
finding-security-misconfigurations
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to ingest and process external configuration data.
  * Ingestion points: The skill reads various configuration files including Terraform (.tf), Kubernetes manifests, and application properties as defined in SKILL.md and references/implementation.md.
  * Boundary markers: No delimiters or specific instructions are provided to the agent to distinguish between configuration data and potential malicious instructions embedded within comments or metadata.
  * Capability inventory: The skill is granted permissions for Read, Write, Edit, and Bash tools, which could be leveraged if an injection attack successfully influences agent behavior.
  * Sanitization: The provided scripts (scripts/security_scan.py and scripts/report_formatter.py) lack logic to validate or sanitize the contents of the files being processed.
Audit Metadata