The Agent Skills Directory

[PROMPT_INJECTION]: The skill is designed with proactive defenses against indirect prompt injection. It instructs the agent to treat any text within input code blocks as data rather than instructions, specifically calling out markers like 'IMPORTANT:' or 'IGNORE previous' as items to be disregarded.
Ingestion points: The skill processes user-supplied source code through the /kiss-dry-yagni command.
Boundary markers: The agent is directed to use markdown code delimiters and strictly ignore directive-like strings within the code.
Capability inventory: The skill facilitates code refactoring and file writing but includes a mandatory checklist to prevent the deletion of security logic.
Sanitization: It requires path validation to ensure the agent only modifies files within the workspace.
[DATA_EXFILTRATION]: No data exfiltration vectors were detected. The skill focuses on local code optimization and includes specific instructions to preserve logging sanitization, preventing sensitive data like passwords or tokens from being exposed in logs.
[REMOTE_CODE_EXECUTION]: There is no evidence of remote code execution capabilities. While the resources directory references various third-party libraries and tools (e.g., bcrypt, argon2, helmet), these are provided as best-practice recommendations for secure code output, not as executable scripts for the agent's host environment.
[COMMAND_EXECUTION]: The skill does not execute arbitrary system commands. It provides guidance on using safe subprocess patterns (e.g., using argument lists instead of shell=True) and requires that all operations be performed with the least privilege necessary for code refactoring.

linus-kiss-dry-yagni