The Agent Skills Directory

[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the ingestion of untrusted external data through the $ARGUMENTS parameter.
Ingestion points: The skill accepts error context, stack traces, and log files in SKILL.md, which may be attacker-controlled.
Boundary markers: There are no explicit delimiters or instructions to ignore commands within the data, which may lead the agent to follow instructions embedded in logs.
Capability inventory: The agent is authorized to conduct targeted experiments and propose code fixes based on the analyzed data.
Sanitization: While the skill suggests redacting PII, it lacks mechanisms to sanitize or validate input for malicious instructions.

error-debugging-error-analysis