The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill establishes an attack surface for indirect prompt injection by processing untrusted data. 1. Ingestion points: Research and inspiration data collected via browser extensions and internal project documentation files located in the .agents/ directory (SKILL.md). 2. Boundary markers: Absent; there are no instructions provided to the agent to treat external data as untrusted or to isolate it using delimiters (SKILL.md). 3. Capability inventory: The skill allows the agent to scan the codebase, synthesize research findings, and generate content for multiple platforms (SKILL.md). 4. Sanitization: Absent; the skill does not define any methods for filtering or escaping content ingested from project files or external tools (SKILL.md).

planning-assistant