The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill possesses a surface for indirect injection as it reads project-level files (README, ROADMAP, etc.) which may contain untrusted data. Evidence: (1) Ingestion points: README.md, ARCHITECTURE.md, ROADMAP.md, .agent/rules/, docs/dev/. (2) Boundary markers: Absent. (3) Capability inventory: Limited to reading and writing Markdown documentation; no shell execution, system modification, or network access. (4) Sanitization: None.
[Data Exposure] (SAFE): No access to sensitive system files (~/.ssh, .env) or hardcoded credentials was detected.
[Remote Code Execution] (SAFE): No patterns for remote code execution, package installation, or dynamic script generation were found.

conductor