The Agent Skills Directory

Data Exposure & Exfiltration (LOW): The file concurrency-patterns/SKILL.md contains a hardcoded absolute path to a file in a specific user's directory (/Users/ravishankar/Downloads/docs/Swift-Concurrency-Updates.md). While this path points to documentation rather than credentials, referencing absolute paths in a user's home directory is a poor security practice that can lead to unintentional information disclosure about the host environment or cause tool failures if the agent attempts to access the location.
Indirect Prompt Injection (LOW): The skill is designed to ingest and analyze external data (Swift source code) using tools like Read, Glob, and Grep.
Ingestion points: The skill reads and greps through local project files to provide architectural advice.
Boundary markers: Absent. The instructions do not include delimiters or warnings for the agent to ignore instructions embedded within the analyzed source code.
Capability inventory: The skill manifest (SKILL.md) only allows Read, Glob, and Grep. It lacks high-risk capabilities such as network access, arbitrary command execution, or file-writing tools.
Sanitization: None. The skill assumes all content in the project directory is trusted data rather than potential adversarial instructions.

swift-development