The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and act upon untrusted external data such as error messages, stack traces, and logs. * Ingestion points: In SKILL.md (Phase 1), the agent is instructed to read error messages, stack traces, and system logs from various components. * Boundary markers: The instructions lack specific delimiters or guidelines to distinguish between agent instructions and the data being analyzed. * Capability inventory: The skill demonstrates shell execution capabilities via diagnostic examples in SKILL.md (using tools like env and security) and the find-polluter.sh utility script. * Sanitization: There is no evidence of data sanitization or validation performed on external content before it is processed by the agent.
[COMMAND_EXECUTION]: The skill includes a shell script find-polluter.sh which executes npm test on files matching a user-provided pattern. This tool is intended for bisection to find tests causing state pollution.

fault-diagnosis