deep-audit

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing untrusted external artifacts and interpolating them directly into sub-agent prompts during the audit process.
      • Ingestion points: Artifacts and files defined in the working_scope are read from the file system and passed to auditor agents (SKILL.md).
      • Boundary markers: Auditor templates utilize markdown headers for structure but lack explicit instruction isolation or strong delimiters (e.g., XML tags or "ignore instructions" warnings) to prevent embedded commands from influencing sub-agents (SKILL.md).
      • Capability inventory: The skill possesses significant capabilities, including file system access via Read, Write, and Bash, and the ability to orchestrate complex tasks via the Task tool (SKILL.md).
      • Sanitization: No evidence of content validation, escaping, or sanitization is present before the data is interpolated into auditor prompts.
  • [EXTERNAL_DOWNLOADS]: The skill identifies external dependencies and provides instructions for retrieving them from a vendor-specific source.
      • Evidence: Error messages guide the user to clone the github.com/mikeng-io/agent-skills repository to install missing dependency skills (SKILL.md).
  • [COMMAND_EXECUTION]: The skill utilizes restricted shell commands for necessary environment and output management.
      • Evidence: Uses ls for dependency verification and mkdir for managing report output directories (SKILL.md).
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 05:42 PM