update-docs

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill possesses a surface for indirect prompt injection because it is designed to ingest and process untrusted data from project files to generate documentation.
      • Ingestion points: The skill reads from src/cli.rs, Cargo.toml, and other project files using Read, Glob, and Grep tools.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands in the source data are provided in the prompt.
      • Capability inventory: The skill has high-privilege capabilities including Edit, Write, and Bash, which could be exploited if malicious instructions are processed from the source files.
      • Sanitization: There is no evidence of sanitization or validation of the content read from files before it is processed or written to other locations (like the website or source code).
  • [Data Exposure & Exfiltration] (SAFE): The skill accesses the path ~/Documents/markdown-notes/Voxtype/. While this is in the user's home directory, it is a specific, project-related path for an Obsidian vault and does not target sensitive credential files like SSH keys or AWS configs.
  • [Command Execution] (SAFE): The skill uses the Bash tool, but its use is restricted to generating documentation examples and performing standard file operations consistent with its primary purpose.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:26 PM