project-analyze

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to indirect prompt injection (Category 8). It is designed to read and analyze external project files (untrusted data) using the 'Read' and 'Bash (rg)' tools. Findings from these files are then interpolated directly into the prompts of sub-agents using template literals in phases/02-project-exploration.md.
      • Ingestion points: Project files are read in Phase 2 and Phase 3 to generate analysis JSON/MD.
      • Boundary markers: There are no XML-style tags or unique delimiters used to separate the instructions from the untrusted content being analyzed.
      • Capability inventory: The agents have access to Bash (shell execution), Write (filesystem modification), and Task (spawning new agents), providing a high-impact exploitation path if the agent is subverted.
      • Sanitization: No escaping or filtering is performed on the data read from the codebase before it is passed to the next agent.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill references an unverifiable external script (Category 4). In phases/02-project-exploration.md, the sub-agent is instructed to run get_modules_by_depth.sh and a ccw tool command. These files/tools are not part of the provided skill package, creating an unverifiable dependency and a potential supply-chain risk if the environment contains a malicious version of these scripts.
  • COMMAND_EXECUTION (MEDIUM): Dynamic execution through prompt construction (Category 10). The skill dynamically constructs agent prompts based on results read from the filesystem. If previous analysis steps were compromised by a malicious file, the 'consolidation' and 'refinement' agents could be manipulated into executing dangerous shell commands via the Bash tool.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:51 PM