devils-advocate

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it is designed to analyze untrusted external data, including user-provided plans, code snippets, and architectural decisions. It lacks specific instructions to use boundary markers or to ignore instructions embedded within the data being reviewed, so embedded instructions could theoretically be used to manipulate the agent's critique.
    1. Ingestion points: The skill processes user-supplied descriptions, files the user points it to, and previous session outputs.
    2. Boundary markers: No delimiters or isolation instructions are provided in the skill body.
    3. Capability inventory: The skill is restricted by its own instructions to review and recommendation only, and it explicitly prohibits rewriting code.
    4. Sanitization: There is no evidence of data validation or content filtering before the analysis is performed.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 12, 2026, 06:25 AM