avo-coder

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill exhibits a significant Indirect Prompt Injection surface (Category 8). It is explicitly instructed to fetch external documentation (https://docs.avohq.io/3.0/llms-full.txt) and follow its patterns for subsequent code generation and execution.
      • Ingestion points: WebFetch operation in SKILL.md targeting an external domain.
      • Boundary markers: Absent. There are no delimiters or instructions to treat the external content as data rather than instructions.
      • Capability inventory: The skill possesses Bash, Write, and Edit permissions, allowing it to modify the local filesystem and execute shell commands.
      • Sanitization: Absent. There is no evidence of filtering or validation of the content fetched from the remote documentation source.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill performs runtime network requests to docs.avohq.io to retrieve executable instructions (documentation). This domain is not within the pre-defined [TRUST-SCOPE-RULE] list, posing a risk if the source is compromised or spoofed.
  • [COMMAND_EXECUTION] (LOW): The skill uses the Bash tool to run Rails generators (bin/rails generate). While this is standard for the skill's stated purpose, it serves as the primary execution vector if the agent is manipulated via the external documentation source.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:28 PM