The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates content from local documentation files into its context.
Ingestion points: The skill reads docs/03-워크플로우.md, docs/01-아키텍처.md, and various files within docs/기능별설명/ using the Read tool.
Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the documentation files are present.
Capability inventory: The skill is granted access to Bash, Read, Glob, and Grep tools.
Sanitization: No sanitization or validation of the documentation content is performed before processing.
[COMMAND_EXECUTION]: The skill is configured with access to the Bash tool in its allowed-tools list. Although the instructions explicitly forbid code generation or file modification ("절대 코드를 생성하거나 파일을 수정하지 않는다"), the availability of a shell environment alongside tools that read untrusted local files creates a potential attack surface.

peach-help