ln-636-manual-test-auditor

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external data from manual test scripts, which presents a surface for indirect prompt injection.
      • Ingestion points: The workflow reads files from the tests/manual/ directory and various infrastructure scripts using the Read and Grep tools.
      • Boundary markers: No specific delimiters or markers are defined to isolate audited content from the agent's core instructions, potentially allowing data to be misinterpreted as commands.
      • Capability inventory: The agent has access to Bash, Grep, Glob, and Read, providing a capability set that could be misused if the agent obeys instructions found within the data.
      • Sanitization: The workflow does not describe any sanitization, validation, or escaping of the audited script content before it is processed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 01:43 PM