The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to read and analyze untrusted external data (codebases).
Ingestion points: Files are accessed and ingested through tools such as Read, Grep, Glob, and Bash as defined in SKILL.md and reference/perspectives.md.
Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from executing instructions found within the code it analyzes.
Capability inventory: The skill has access to high-impact tools including Bash, Write, Edit, and Task (which allows spawning additional agents).
Sanitization: The instructions do not specify any sanitization or validation of the data retrieved from the codebase before processing it.
[COMMAND_EXECUTION]: The skill allows the use of the Bash tool. While the workflow suggests its use for discovery (searching and reading files), this tool provides the capability to execute arbitrary commands on the underlying system, which represents a significant attack surface if the agent's logic is subverted.

analyze