NYC

prompt-improver

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [Prompt Injection] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) by design.
      ◦ Ingestion points: In Phase 1 (Research), the skill uses WebFetch and WebSearch to pull data from external, untrusted sources into the agent's context.
      ◦ Boundary markers: No instructions or delimiters are specified to help the agent distinguish legitimate research data from potentially malicious instructions embedded in web pages or documentation.
      ◦ Capability inventory: The skill uses Grep, Glob, WebFetch, and general task execution capabilities (Phase 4).
      ◦ Sanitization: The workflow has no sanitization or verification step for the gathered data before it influences the final execution phase.
  • [Data Exposure & Exfiltration] (LOW): The skill performs network operations to non-whitelisted domains.
      ◦ Evidence: The use of WebFetch and WebSearch in Phase 1 allows the agent to connect to arbitrary external URLs. While this is necessary for the skill's research function, it constitutes a potential vector for data exposure when combined with the skill's ability to read local codebase files via Grep or Glob.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:23 PM