code-documentation-doc-generate

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from codebases, specifically from comments, docstrings, and configuration files. There is an inherent risk of indirect prompt injection, where malicious instructions embedded in these sources could influence the agent's documentation output or behavior.
      • Ingestion points: SKILL.md (Extract information from code, configs, and comments); resources/implementation-playbook.md (APIDocExtractor, DocCoverage).
      • Boundary markers: Absent. The instructions do not specify the use of delimiters or warnings to ignore instructions found within documented source material.
      • Capability inventory: File reading (open), shell execution (implied in CI/CD templates), and documentation artifact generation.
      • Sanitization: Absent.
  • [EXTERNAL_DOWNLOADS]: The documentation playbook includes templates and examples that reference external resources from well-known services.
      • CDN Resources: Uses Swagger UI assets from cdn.jsdelivr.net for interactive API documentation.
      • CI/CD Actions: The GitHub Actions workflow examples utilize official and widely recognized actions such as actions/checkout, actions/setup-python, and peaceiris/actions-gh-pages.
  • [DYNAMIC_EXECUTION]: An implementation example provides a pattern for documentation generation using the Python inspect module. This module typically requires the code being analyzed to be imported, which involves executing the module-level code of the target codebase. This is a standard but inherently risky practice when dealing with untrusted code.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 02:38 PM