The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it is designed to read and process external codebase files to generate testing logic.
Ingestion points: The skill utilizes Read, Glob, and Grep tools to ingest existing source code and project structures into the agent context (e.g., SKILL.md, references/workflows.md).
Boundary markers: There are no explicit instructions or delimiters provided to the agent to distinguish between its own instructions and potentially malicious instructions embedded in the code it reads.
Capability inventory: The skill possesses the Write capability to create or modify files and the Bash capability to execute commands like dotnet test.
Sanitization: The instructions do not include steps to sanitize or validate code content before it is processed for test generation.
[COMMAND_EXECUTION]: The skill documentation (specifically SKILL.md and references/workflows.md) provides instructions for executing the dotnet test command via a Bash tool. This results in the execution of assembly code generated or modified by the agent, which represents a form of dynamic execution inherent to the skill's testing purpose.

xunit