resonance-debugger

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill is designed to ingest untrusted data from the local environment to perform analysis. An attacker could embed malicious instructions in log files or source code that might influence the agent's behavior when it uses its execution tools.
      ◦ Ingestion points: The skill uses read_file to observe logs, stack traces, and source code files as described in the 'Operational Sequence' of SKILL.md and the 'Backtracking' technique in root-cause-tracing.md.
      ◦ Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the processed data were found.
      ◦ Capability inventory: The skill has access to read_file, write_file, edit_file, and run_command tools.
      ◦ Sanitization: No evidence of sanitization or validation of the content read from files before it is processed or used to generate reproduction scripts.
  • Dynamic Execution (LOW): As part of its core functionality, the skill generates and executes local scripts (e.g., repro.js) to confirm bug fixes, as outlined in root-cause-tracing.md. This is a legitimate use case for a debugger but constitutes dynamic code generation and execution from potentially untrusted inputs.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:33 PM