skills/sickn33/antigravity-awesome-skills/application-performance-performance-optimization/Gen Agent Trust Hub
application-performance-performance-optimization
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the ingestion of untrusted external data without adequate safety boundaries.
- Ingestion points: The workflow processes $ARGUMENTS, Real User Monitoring (RUM) data, and production traffic patterns in SKILL.md.
- Boundary markers: Absent. The instructions do not define delimiters or use 'ignore embedded instructions' warnings for external data.
- Capability inventory: The sub-agents are granted capabilities to modify backend code, optimize database indexes/queries, and integrate with CI/CD pipelines (GitHub Actions).
- Sanitization: Absent. There is no evidence of input validation or escaping for the external data being interpolated into agent prompts.
- [COMMAND_EXECUTION]: The skill coordinates high-privilege operations that involve system-level and infrastructure-level modifications.
- Evidence: Instructions for sub-agents to 'create missing indexes', 'integrate with CI/CD pipeline', and configure 'CloudFlare/CloudFront' rules in SKILL.md.
- Sensitive Data Access: The skill requests the generation of 'flame graphs for CPU usage', 'heap dumps for memory analysis', and access to 'slow query logs', which often contain PII or sensitive system internals.
Audit Metadata