repo-explainer

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the analysis of arbitrary repository files. It lacks boundary markers and sanitization when reading untrusted content from the repository root, allowing embedded instructions in code or documentation to potentially influence agent behavior.
  • [PROMPT_INJECTION]: Ingestion points: The skill uses rg --files to index the repository and reads content from various files including README documentation, dependency manifests (package.json, pyproject.toml), and primary source code entry points.
  • [PROMPT_INJECTION]: Boundary markers: There are no explicit delimiters or instructions to the agent to disregard natural language instructions that might be contained within the analyzed files.
  • [PROMPT_INJECTION]: Capability inventory: The skill's capabilities are restricted to listing directory contents and reading file data; it does not include network access, subprocess execution, or write permissions.
  • [PROMPT_INJECTION]: Sanitization: Content retrieved from the repository files is processed directly without sanitization or validation to filter out potential injection attempts.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 2, 2026, 02:46 AM