The Agent Skills Directory

Prompt Injection (LOW): Detected surface for indirect prompt injection (Category 8). The skill ingests untrusted data from documentation files and pull request diffs which could contain malicious instructions.\n- Ingestion points: Markdown files and GitHub PR diffs (via mcp__github__get_pull_request_diff).\n- Boundary markers: Absent. The instructions do not define delimiters or ignore markers for external content.\n- Capability inventory: Access to Bash tool, Read, Grep, and GitHub review creation tools.\n- Sanitization: Absent. Content is processed directly without filtering.

docs-review