The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill is designed to read and explain external content from project files which constitutes an attack surface for indirect injection.
Ingestion points: Reads TASK.md, PLAN.md, and SPEC-###.md from the filesystem.
Boundary markers: No delimiters or instructions to ignore embedded commands are present in the skill definition.
Capability inventory: The skill has access to Read, Glob, Grep, and WebSearch tools.
Sanitization: There is no evidence of sanitization or validation of the content being read.
Metadata Poisoning (LOW): The skill metadata references a model version (claude-sonnet-4-20250514) that does not exist, which is misleading.
Data Exposure (LOW): The use of a [project] variable in file paths without explicit validation suggests a potential directory traversal surface, though the skill's intended use is limited to specific project directories.

teach