cosmos-vulnerability-scanner

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill processes untrusted user-provided source code, which serves as an ingestion point for potential malicious instructions embedded in comments or metadata.
    • Ingestion points: Local Go, Rust, and Protobuf files located in the project directory being scanned.
    • Boundary markers: Absent; the skill does not implement specific delimiters or instructions to treat analyzed code strictly as data.
    • Capability inventory: The skill uses grep for string searching and recommends executing go build and go test on the analyzed codebase.
    • Sanitization: Absent; the skill performs direct analysis on file contents without validation or escaping.
  • Command Execution (LOW): The skill utilizes local system commands to perform its scanning functions and suggests compilation of the code being audited.
    • Evidence: Shell-based search commands (e.g., grep -r "range.*map\[" x/) and recommended testing/build commands (go build, go test -fuzz).
    • Context: These are expected behaviors for a development/security tool but qualify as a low-severity finding for automated agents.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:40 PM