solid-principles
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it evaluates untrusted input.
  * Ingestion points: The 'code' parameter in SKILL.md allows arbitrary code input from users or external files.
  * Boundary markers: There are no instructions or delimiters to prevent the agent from following instructions embedded within the provided code.
  * Capability inventory: The skill generates suggestions that may be automatically processed by other agents like '04-refactoring', creating a potential multi-step attack chain.
  * Sanitization: Input code is not sanitized or escaped before processing.
- [EXTERNAL_DOWNLOADS] (SAFE): The validation script depends on the 'pyyaml' package for parsing configuration files, which is a standard dependency; it uses safe_load to prevent arbitrary code execution during parsing.
Audit Metadata