The Agent Skills Directory

Indirect Prompt Injection (LOW): The Documentation Specialist skill is designed to ingest source code, architectural descriptions, and API specifications to generate technical documentation. This creates a surface for indirect prompt injection where malicious instructions hidden in code comments or metadata could influence the agent's behavior during the documentation process.
Ingestion points: Project files (README, API docs, architecture docs) and source code are read via the Read and Grep tools as specified in core_documentation-specialist.md.
Boundary markers: The skill instructions do not specify any boundary markers or instructions for the agent to ignore potentially malicious content embedded within the source files it processes.
Capability inventory: The skill is equipped with powerful tools including Bash, Write, Read, Grep, Glob, and LS, which could be exploited if an injection is successful.
Sanitization: There is no evidence of input validation or sanitization of the content extracted from the source files before it is processed by the LLM.
Command Execution (SAFE): The skill utilizes the Bash tool to perform documentation-related tasks such as installation and usage verification. While Bash is a high-privilege tool, its use in this context is restricted to technical writing and documentation verification, and no malicious command patterns were detected within the skill's scripts.

documentation-specialist