The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill is designed to scan user-controlled project files which can contain malicious instructions. Evidence Chain: 1. Ingestion points: Local filesystem scanned via the --root parameter in the referenced validate.py script. 2. Boundary markers: None identified in the provided documentation or metadata to isolate ingested code from the agent instructions. 3. Capability inventory: The skill executes a local Python script and performs file read operations. 4. Sanitization: No sanitization or escaping mechanisms are documented for the content processed during validation.- Metadata Poisoning (LOW): The description and documentation refer to 'Next.js 16', which is currently a non-existent version. While likely a hallucination or typo, this constitutes misleading metadata regarding the skill's actual environment compatibility.

clerk-validator