The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The documentation defines a toolset that combines external data ingestion with high-privilege capabilities. Ingestion points: webfetch and read tools (SKILL.md). Boundary markers: None specified in the guide. Capability inventory: bash (shell execution), write/edit/patch (filesystem modification), and mcp (server integration) as listed in SKILL.md. Sanitization: No sanitization or validation protocols are mentioned.
[Metadata Poisoning] (SAFE): Metadata fields (name, description) accurately reflect the content and purpose of the skill.
[No Code] (SAFE): The skill consists exclusively of markdown documentation and does not include any scripts or executable files.

opencode-expert