c4-architecture-c4-architecture

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it systematically crawls and processes all files and subdirectories within a repository to generate documentation. If the repository contains malicious instructions (e.g., hidden in code comments or README files), the agent might follow them during the analysis phase.
  • Ingestion points: The workflow reads the entire codebase in Phase 1.1 and 1.2, deployment configurations (Dockerfiles, Kubernetes manifests) in Phase 3.1, and general system documentation in Phase 4.1.
  • Boundary markers: The instructions provided to subagents (e.g., 'Analyze the code in directory: [directory_path]') do not employ delimiters or specific instructions to ignore embedded commands or overrides within the source material.
  • Capability inventory: The skill possesses the capability to write numerous files to the local filesystem (within the 'C4-Documentation/' directory) and trigger specialized sub-tasks through the 'Task' tool.
  • Sanitization: Although the skill includes logic to sanitize filenames, there is no evidence of sanitization or filtering for the content extracted from the code before it is synthesized into the documentation output.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 14, 2026, 06:40 PM