The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill reads and analyzes content from arbitrary markdown files within the repository, creating a surface where malicious instructions in those files could influence the configuration generation.
Ingestion points: Local markdown files identified via Glob and read via the Read tool (SKILL.md Step 1 and 2).
Boundary markers: Absent. No delimiters or instructions are used to ignore potential commands embedded within the analyzed documents.
Capability inventory: Bash, Write, Edit, Read, Glob, Grep, Task (SKILL.md allowed_tools).
Sanitization: Absent. The skill directly analyzes document patterns and interpolates the results into the new .docstore/metadata-format.md file.
Command Execution (SAFE): Although the skill requests the Bash tool, the workflow only describes using it for local pattern searching and file management, with no evidence of remote command execution or shell injection patterns.

docstore-init