The Agent Skills Directory

PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection through its processing of user-supplied arguments.
Ingestion points: Untrusted data enters the agent context via the $ARGUMENTS variable in SKILL.md.
Boundary markers: Absent. The skill does not use delimiters or instructions to ignore potential commands embedded within the user's prompt request.
Capability inventory: The skill utilizes Write, Read, and Bash(mkdir:*) tools to modify the local filesystem.
Sanitization: Absent. There is no validation or escaping of the user-provided input before it is used to generate content written to .ai/PROMPT.md.

refine-prompt