troubleshoot

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is highly susceptible to indirect injection because it is designed to ingest and process data from the project directory. Ingestion points: files within spaces/[project]/, resources/research/, and ideas/ are accessed via Read, Grep, and Glob. Boundary markers: no explicit markers separate untrusted codebase content from the agent's instructions. Capability inventory: the skill uses the Bash, Write, and Edit tools, allowing arbitrary command execution and file system changes. Sanitization: no evidence of sanitization or filtering of ingested file content is present.
  • [Command Execution] (MEDIUM): The skill explicitly grants and utilizes the Bash tool to execute shell commands such as npm test and npm run dev. This capability is a necessary feature for debugging but serves as an immediate vector for exploitation if the agent's logic is subverted through malicious content in the codebase.
  • [Data Ingestion Surface] (LOW): The skill's 'Research' phase involves extensive file system exploration, which increases the likelihood of encountering and processing maliciously crafted files or comments intended to influence the agent's behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 05:12 AM