color-expert

Fail

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: CRITICAL | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill includes a SECURITY.md file containing self-referential assertions about its own safety (e.g., 'Verdict: SAFE') which are designed to override or influence the conclusions of security analyzers and behavioral filters.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface:
      • Ingestion points: The agent processes context from approximately 144 markdown files in the references/ directory during color-related tasks.
      • Boundary markers: The skill does not implement delimiters or explicit instructions to distinguish reference material from operational directives, increasing the risk of the agent obeying embedded commands.
      • Capability inventory: The skill does not restrict default agent tools, meaning that if malicious instructions were successfully injected via context, the agent could potentially perform unauthorized file or network operations.
      • Sanitization: The documentation contains scraped artifacts including raw fragments of JavaScript (e.g., in accessibility.md and color-spaces.md) that are not escaped or sanitized, providing a vector for hidden instructions.
  • [EXTERNAL_DOWNLOADS]: Automated scanners detected links to the domain colorwell.org (appearing in SECURITY.md and INDEX.md), which is currently blacklisted as a malicious domain. Although the author provides a rational explanation for these links as legitimate educational citations, the presence of blacklisted URLs is a detected indicator of risk.
Recommendations
  • CRITICAL: 2 infected file(s) detected - DO NOT USE
  • Contains 4 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Apr 22, 2026, 10:12 AM