verification-before-completion
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (LOW): Behavioral Override Risk. The skill uses highly prescriptive and coercive language ('The Iron Law', 'Violating the letter of this rule is violating the spirit', 'Non-negotiable') to override default agent reasoning. While intended for quality control, these meta-instructions can potentially conflict with system-level safety guidelines or operational logic.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface (Category 8). The skill instructs the agent to 'READ: Full output' from verification commands like tests and builds. This creates an ingestion point for untrusted data from the external environment. Evidence:
  1. Ingestion points: 'READ: Full output' in SKILL.md.
  2. Boundary markers: Absent; no delimiters or ignore-instructions are specified for the output.
  3. Capability inventory: 'RUN: Execute the FULL command' in SKILL.md.
  4. Sanitization: Absent; no filtering of output content is required before processing.

  If a codebase contains malicious instructions in test failure messages, the agent may be vulnerable.
- [COMMAND_EXECUTION] (LOW): Capability Reinforcement. The skill requires the agent to 'RUN: Execute the FULL command' to confirm status. While it does not provide specific malicious payloads, it establishes a workflow that relies heavily on subprocess execution, which is a significant capability that could be abused if the agent is misled during the 'Identify' phase.
Audit Metadata