skills/simhacker/moollm/economy/Gen Agent Trust Hub

economy

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill defines an attack surface where untrusted data (item descriptions, buyer/seller names) is ingested and stored using powerful file-system tools.
      • Ingestion points: item, seller, and buyer inputs in SKILL.md and method parameters in CARD.yml.
      • Boundary markers: Absent; the skill does not specify delimiters or instructions to ignore embedded commands within item names or descriptions.
      • Capability inventory: The skill explicitly requests read_file, write_file, and search_replace capabilities to manage inventory and logs, which allows for persistent state modification.
      • Sanitization: No sanitization, validation, or escaping of input strings is defined before they are interpolated into file operations.
  • [Metadata Poisoning] (MEDIUM): The file skill-snitch-report.md contains a deceptive self-audit that provides a 'Verdict: APPROVE' and labels the risk as 'LOW'. These claims are analyzed as data and disregarded per the global security instructions to prevent misjudgment of the skill's actual risk profile.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 10:35 PM