heal-skill

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE | PROMPT_INJECTION | NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill's design involves ingesting and acting upon data from external, potentially untrusted skill files, which creates an attack surface for indirect prompt injection.
    - Ingestion points: The skill reads SKILL.md and config.json files from all subdirectories within the skill library (e.g., active/ and stable/).
    - Boundary markers: The skill does not use specific delimiters or instructions to prevent the agent from obeying commands that may be embedded within the files it audits.
    - Capability inventory: The skill is authorized to perform file-write operations to repair detected issues, which could be exploited if malicious content influences the repair logic.
    - Sanitization: The skill implements basic sanitization (such as stripping XML tags and slugifying names), but these measures are not comprehensive against sophisticated injection attempts.
  • [NO_CODE]: The skill does not include any executable script files (e.g., .py, .js, .sh) and relies entirely on the agent's internal reasoning and file-handling capabilities to execute the described diagnostic logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 22, 2026, 06:51 PM