The Agent Skills Directory

[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the analysis of external code.
Ingestion points: The skill accepts code snippets, file paths, and Git repositories via the $ARGUMENTS parameter (SKILL.md).
Boundary markers: No specific delimiters or instructions are provided to the agent to distinguish between its own operational instructions and the code being analyzed.
Capability inventory: The skill contains logic for agent routing, review execution, and insight synthesis, which are applied directly to the untrusted input (SKILL.md).
Sanitization: The instructions do not include any steps for sanitizing, validating, or escaping the content of the target project before processing.

performance-testing-review-multi-agent-review