The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill extracts and processes snippets from a target codebase and passes them to LLM subagents, creating a surface for indirect prompt injection.
Ingestion points: Source code is read by scripts/extract-functions.sh from a user-specified directory.
Boundary markers (absent): Prompt templates in scripts/categorize-prompt.md and scripts/find-duplicates-prompt.md lack delimiters or instructions to ignore embedded commands within the code context.
Capability inventory: The skill prompts use the agent's 'Write' tool, and several bash scripts perform local file operations (rg, jq, mkdir).
Sanitization (absent): There is no evidence of escaping or sanitization of the code snippets before they are interpolated into the LLM prompts.

finding-duplicate-functions