osgrep
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill serves as an attack surface for indirect prompt injection. By searching and reading source code files, the agent may ingest malicious instructions embedded in code comments or strings.
  - Ingestion points: The 'osgrep' command and 'Read' tool are used to bring external file content into the agent's execution context.
  - Boundary markers: The skill definition lacks instructions for the agent to use delimiters or to treat the retrieved code as untrusted data.
  - Capability inventory: The agent has the capability to execute bash commands and read file system contents, which could be exploited if the agent follows instructions found within a codebase.
  - Sanitization: There is no evidence of sanitization or filtering of the content returned by 'osgrep' or the 'Read' tool.