The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill provides tools for reading file contents, which creates an attack surface where data processed by the agent could contain instructions designed to influence its behavior.
Ingestion points: read_file, list_directory (SKILL.md).
Boundary markers: Absent in the skill definition.
Capability inventory: write_file, save_file, apply_file_changes (SKILL.md).
Sanitization: No sanitization or validation of file content is described.

filesystem