The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes external source code and violation reports. \n- Ingestion points: Untrusted data enters the agent context through the reading of source files at target_path and the violations_report parameter. \n- Boundary markers: Absent. There are no explicit instructions or delimiters defined to prevent the agent from obeying natural language commands that might be embedded in code comments or strings. \n- Capability inventory: The skill has the ability to read and overwrite local files when apply_mode is set to apply. It also instructs the user to execute shell commands for linting and testing (e.g., ruff, pytest, cargo). \n- Sanitization: Absent. The skill performs no validation or filtering of the input code content to identify or strip potential malicious instructions before processing.

clean-code-refactor