The Agent Skills Directory

[Indirect Prompt Injection] (HIGH): The skill's primary purpose is API integration and handling long-polling responses, which constitutes a major ingestion surface for untrusted external data.
Ingestion points: Processes data from third-party APIs, webhooks, and long-polling handlers (SKILL.md).
Capability inventory: The skill explicitly requests access to Bash, Write, Edit, and Read tools, providing a wide attack surface if the agent is manipulated.
Boundary markers: There are no instructions provided to the agent to distinguish between its own system prompt and instructions that may be contained within the external data it processes.
Sanitization: The skill lacks any defined validation or sanitization logic for the data it handles.
[Command Execution] (MEDIUM): The inclusion of the Bash tool in the allowed-tools list without specific constraints is a risk factor. In an API integration context, this can be leveraged to execute commands derived from malicious external payloads.

long-polling-handler