snyk-fix
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill operates by ingesting and analyzing untrusted data from the project codebase and security scan results to determine remediation plans, which presents an attack surface for indirect prompt injection.
- Ingestion points: Source files (SKILL.md Phase 3.1), dependency manifests (SKILL.md Phase 4.1), and Snyk scan outputs (SKILL.md Phase 2.1).
- Boundary markers: The instructions do not define specific delimiters or instructions to ignore embedded prompts within the ingested file content.
- Capability inventory: The agent is authorized to use the Bash, Write, Edit, Read, and Grep tools.
- Sanitization: There are no explicit instructions to sanitize or validate the content of files before processing them for automated code modification.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to perform various project operations, including running Snyk scans, executing package managers (such as npm, pip, and maven), and running project test suites. It also provides instructions to attempt operations with elevated permissions if package installation fails.
- [EXTERNAL_DOWNLOADS]: The skill automates the download and update of software packages from official public registries (e.g., npm, PyPI, Maven) to resolve identified dependency vulnerabilities.
Audit Metadata