The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by generating instructions for new skills based on untrusted user-provided problem descriptions.
Ingestion points: The user_problem field in agents/project-scanner.md and the --problem argument in scripts/init_skill.py collect user input for interpolation.
Boundary markers: The skill uses YAML frontmatter and Markdown headers in assets/skill.md.template to structure output, though it lacks explicit instructions to the LLM to ignore embedded commands within the generated description and intro sections.
Capability inventory: The skill utilizes agents for project-wide file reading and a script for directory and file creation.
Sanitization: The initialization script performs basic word extraction and joining for naming, but does not sanitize the body text for markdown or instruction injection. This is considered acceptable as it is the primary purpose of the tool.
[COMMAND_EXECUTION]: The skill includes a local Python script (scripts/init_skill.py) used to automate the creation of skill directories and files.
Evidence: The script uses the pathlib and argparse modules to resolve paths, create directories, and write templated content to the project's filesystem.
Safety Controls: The script generates filenames based on a sanitized version of the problem description, reducing the risk of path traversal through user-supplied names.
[DATA_EXFILTRATION]: The skill contains logic to scan and analyze the local project environment to determine the technology stack and coding style.
Evidence: agents/project-scanner.md and agents/tech-stack-analyzer.md describe procedures for reading project manifest files (e.g., package.json, go.mod, Podfile) and sampling source code.
Safety Controls: references/path-discovery.md provides explicit negative constraints, instructing the agent to use project-relative paths and strictly avoid global directories such as ~/.trae/ or ~/.trae-cn/.

project-skill-writer