skill-reviewer
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to use local commands including `wc -l` for line counting, `ls -l` for checking file permissions, and `python -m py_compile` for non-destructive syntax validation of Python files within the target directory. These are diagnostic operations used purely for auditing purposes.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it reads and evaluates content from untrusted external skill directories.
  1. Ingestion points: The agent reads the `SKILL.md` and all files within the `references/`, `assets/`, and `scripts/` directories of the target skill.
  2. Boundary markers: Absent; the skill does not use specific delimiters to isolate the audited content from the system prompt.
  3. Capability inventory: Read-only file system access and execution of standard diagnostic shell commands.
  4. Sanitization: None; the content is evaluated directly against the audit criteria.
Audit Metadata