code-documenter

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill's workflow involves reading and processing source code, which introduces a potential for indirect prompt injection. Evidence for the risk chain:
      1. Ingestion points: Untrusted source code is read using the read_file and grep tools.
      2. Boundary markers: The skill does not implement delimiters or safety instructions to prevent the agent from obeying commands embedded in code comments.
      3. Capability inventory: The agent has the power to modify the filesystem (edit_file, rewrite_file) and execute commands (run_command).
      4. Sanitization: No sanitization or verification of the ingested code content is performed.
  • [COMMAND_EXECUTION]: The skill is configured to run external documentation tools via run_command. Evidence: It executes well-known builders such as npx typedoc and sphinx-build. These operations are consistent with the skill's primary purpose but involve executing logic defined within the project's own environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 08:49 AM