configuration-management

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user-provided code files (ingestion point) without using explicit boundary markers or instructions to disregard embedded commands (boundary markers absent). The agent's capability inventory includes file 'Read', 'Write', and 'Edit' tools, as well as shell command execution for its 'Memory Protocol'. There is no evidence of sanitization or validation of the input code before it is processed (sanitization absent). An attacker could place malicious instructions inside a code file that, when reviewed by the skill, might trick the agent into performing unauthorized file modifications or sensitive data access.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 09:27 AM