The Agent Skills Directory

[PROMPT_INJECTION]: The skill's design involves processing untrusted external data, which introduces a surface for indirect prompt injection attacks where malicious instructions hidden in analyzed code could influence agent behavior.
Ingestion points: The agent reads untrusted code diffs and file contents using the Read, Grep, and Glob tools as specified in the skill configuration.
Boundary markers: The prompt does not provide explicit markers or instructions to isolate the analyzed code or to ignore potential instructions embedded within the untrusted input.
Capability inventory: The agent is permitted to use the Bash tool, which increases the potential impact if the agent were to follow instructions found within a malicious diff.
Sanitization: No validation or sanitization of the input code is specified before it is processed by the agent.
[NO_CODE]: The skill consists exclusively of markdown instructions and YAML metadata. It contains no executable scripts, compiled binaries, or automated shell commands, which limits the direct risk of the skill itself performing malicious actions.

api-contract-reviewer