docs-agent-audit
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It is designed to ingest and analyze untrusted content from external documentation websites (e.g., HTML, Markdown, /llms.txt) and then use that analysis to propose code changes via Pull Requests. An attacker-controlled documentation site could include malicious instructions that the agent might inadvertently follow.
- Ingestion points: External URLs provided by the user, including /llms.txt, /robots.txt, and documentation pages fetched via WebFetch in SKILL.md.
- Boundary markers: The instructions lack clear delimiters or "ignore embedded instructions" warnings when processing external site content.
- Capability inventory: The skill uses WebFetch and WebSearch to read data and is explicitly instructed to "Offer to open a PR" to modify the codebase based on the audit findings.
- Sanitization: There is no evidence of content sanitization, escaping, or validation before the agent analyzes the fetched documentation content.
Audit Metadata