The Agent Skills Directory

PROMPT_INJECTION (LOW): The skill processes untrusted user data with powerful system capabilities, creating a surface for indirect prompt injection.
Ingestion points: Untrusted data enters via the $ARGUMENTS placeholder in SKILL.md.
Boundary markers: Absent; user input is not wrapped in delimiters or accompanied by instructions to ignore embedded commands.
Capability inventory: The skill has access to Read, Grep, Glob, Edit, Write, and Bash tools as defined in the YAML frontmatter of SKILL.md.
Sanitization: Absent; no escaping or validation is performed on user-provided strings before processing.

moonshine-components