agentsmd-claudemd-generator

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection (LOW): The skill analyzes untrusted repository content to generate agent instructions, which could lead to a 'poisoned' documentation file if the source files are compromised.
  • Ingestion points: SKILL.md Phase 1 explicitly reads README.md, CONTRIBUTING.md, and files within the docs/ directory.
  • Boundary markers: No specific boundary markers or instructions to ignore embedded instructions are used during the data ingestion phase.
  • Capability inventory: The skill is granted Read, Write, and Edit permissions, along with restricted Bash access (limited to ls, git, and tree). It cannot access the network or execute arbitrary code.
  • Sanitization: There is no explicit sanitization or validation of the text extracted from repository documents before it is summarized into the generated markdown files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 03:21 PM