autonomous-agent-readiness

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION] (MEDIUM): The scripts/discover.py script uses recursive directory scanning (rglob) on a user-provided path to identify project components. This exposes the existence and names of all files within the target directory to the AI agent, potentially revealing sensitive information like .env files, SSH keys, or internal documentation depending on the scan root.
  • [PROMPT_INJECTION] (MEDIUM): The skill reads and processes content from untrusted external project files, creating an indirect prompt injection vector.
      • Ingestion points: scripts/discover.py reads the content of docker-compose.yml via the read_file_preview function.
      • Boundary markers: None. The file content is returned to the agent within a raw JSON object without delimiters or instructions to ignore embedded commands.
      • Capability inventory: Filesystem discovery and file reading.
      • Sanitization: None. An attacker could embed malicious instructions in configuration comments to manipulate the agent's assessment logic or final recommendations.
  • [COMMAND_EXECUTION] (LOW): The skill relies on the execution of a Python script that accepts a directory path as a command-line argument. While the script itself is local, improper validation of the input path by the agent could lead to directory traversal or unintended scanning of sensitive system areas.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 07:33 AM