analyze
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: User-provided input via the $ARGUMENTS placeholder is interpolated directly into the agent instructions without sanitization or boundary markers, creating a surface for potential behavior override.
  - Ingestion points: $ARGUMENTS variable in SKILL.md.
  - Boundary markers: Absent; user input is not delimited or clearly separated from the system instructions.
  - Capability inventory: The agent has access to Bash, Read, Glob, Grep, and Task tools, which represent significant capabilities if compromised.
  - Sanitization: Absent; no validation or filtering is applied to the arguments before they are processed by the agent.
Audit Metadata