The Agent Skills Directory

[Category 8: Indirect Prompt Injection] (HIGH): The skill has a significant attack surface because it is instructed to 'Deeply research all systems' and 'Read existing documentation' at 'all levels'. This is a classic Indirect Prompt Injection vector.
Ingestion points: Phase 1 and Phase 2 explicitly instruct the agent to read top-level directories, README.md files at all levels, inline documentation, and test files (SKILL.md).
Boundary markers: There are no instructions to use delimiters or ignore instructions embedded within the files being analyzed.
Capability inventory: The skill uses the write_blueprint tool to write files to the repository root and updates an index at .claude/rules/hashi-blueprints/blueprints-index.md. Writing to the .claude/rules/ directory is particularly sensitive as it modifies the agent's operating instructions.
Sanitization: No sanitization or validation of the ingested content is mentioned. Malicious instructions placed in a code comment or README could be summarized and persisted into the blueprint index, which the agent may then follow in subsequent sessions.

generate-blueprints