The Agent Skills Directory

[Prompt Injection] (LOW): The file SKILL.md employs high-pressure override markers (e.g., 'ABSOLUTELY MUST', 'not negotiable') to force behavior even for a '1% chance' of relevance, and explicitly commands the agent to ignore its own internal reasoning process ('STOP—you're rationalizing', 'You cannot rationalize your way out of this').
[Indirect Prompt Injection] (LOW): The skill mandates the ingestion of external data (other skills) before performing any other action, increasing vulnerability to malicious content. (1) Ingestion points: The Skill tool is invoked based on content in SKILL.md. (2) Boundary markers: Absent; no delimiters or ignore-instructions for the loaded content are specified. (3) Capability inventory: Mandatory tool use for skill invocation is documented in SKILL.md. (4) Sanitization: Absent; no validation of external skill content is defined.

using-superpowers