codebase-analysis

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill is designed to ingest and analyze external codebase data, creating a surface for indirect prompt injection.
  • Ingestion points: The agent uses Grep, Glob, and Read tools to pull arbitrary file content from the local environment into its context.
  • Boundary markers: There are no instructions defining delimiters (e.g., XML tags or triple quotes) or specific 'ignore instructions' warnings to prevent the agent from obeying commands embedded in codebase comments or strings.
  • Capability inventory: The skill allows the agent to use Write and Edit tools to modify files, and the Task tool to orchestrate other agents, which could be exploited if the agent follows malicious instructions found in the code.
  • Sanitization: No sanitization or validation of the ingested text is performed before it is used to influence agent decisions or documentation generation.
  • Mitigation: The 'Review Phase' explicitly requires presenting all agent findings to the user and waiting for confirmation before proceeding, which significantly reduces the risk of automated exploitation.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:00 PM