ios-navigation

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection (LOW): The skill implements logic for processing external, untrusted URL data to drive application navigation state, creating a surface for indirect prompt injection.
      • Ingestion points: Usage of onOpenURL and onContinueUserActivity in references/arch-deep-linking.md, references/state-deep-link-urls.md, and references/state-avoid-app-level-path.md.
      • Boundary markers: Absent. The provided code examples do not include delimiters or specific instructions to the agent to treat URL parameters as untrusted data.
      • Capability inventory: The skill possesses the capability to modify the NavigationPath and navigate to any screen defined in the Route enum based on external URL input.
      • Sanitization: The implementation uses basic structural parsing (e.g., DeepLinkParser or Route.fromURL) but lacks specific validation or sanitization of string-based parameters (like productId or orderId) extracted from the URL.
  • External Downloads (LOW): The skill recommends the installation of a third-party dependency for performance optimization.
      • Evidence: references/arch-equatable-views.md references the ordo-one/equatable Swift package via GitHub.
      • Context: The recommendation is for a legitimate performance utility in the Swift ecosystem and aligns with the stated technical purpose of the skill.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 22, 2026, 12:13 AM