skills/paulrberg/agent-skills/md-docs/Gen Agent Trust Hub

md-docs

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted content from various project files to generate documentation updates.
      • Ingestion points: The skill reads multiple user-controlled files including README.md, CONTRIBUTING.md, package.json, pyproject.toml, Cargo.toml, and go.mod across all workflow files.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when processing these files.
      • Capability inventory: The skill has access to shell execution (bash) for file operations, git commands, and network requests (curl), as well as file write/edit tools.
      • Sanitization: There is no evidence of sanitization or filtering applied to the data ingested from the codebase before it is used to influence agent decisions or output.
  • [COMMAND_EXECUTION]: The skill analyzes project configuration files (like package.json or Makefile) to identify and suggest build or test commands. If these files are maliciously crafted, the agent might suggest or execute harmful commands as part of the documentation update process.
  • [DATA_EXFILTRATION]: In references/update-contributing.md, the skill extracts URLs from CONTRIBUTING.md and uses curl -sI to verify them. This represents an automated network request to arbitrary external destinations found within untrusted project data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 23, 2026, 04:02 PM