The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection due to its requirement to read and analyze untrusted files from a repository. \n- Ingestion points: The exploration phase in SKILL.md instructions requires the agent to "Inspect relevant files" and "Explore the codebase". \n- Boundary markers: The skill does not define delimiters or provide specific instructions for the agent to ignore or isolate commands found within the files it reads. \n- Capability inventory: The agent has the capability to write files (the plan documentation), which could be manipulated by content found in the analyzed files. \n- Sanitization: There are no instructions for validating, escaping, or sanitizing the data read from the repository files before it is processed. \n- [NO_CODE]: The skill consists entirely of markdown-based instructions in SKILL.md and does not include any accompanying scripts, binaries, or executable code files.

super-plan