The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of analyzing untrusted codebases.
Ingestion points: The skill reads source code and architecture documentation (sast/architecture.md) from the environment.
Boundary markers: The instructions do not implement specific boundary markers or 'ignore' commands when processing code snippets, which may allow malicious content within the code to influence the subagents' analysis logic.
Capability inventory: The agent can write report files (sast/*.md) and initiate multiple subagents to process the data.
Sanitization: There is no evidence of sanitization applied to the source code snippets before they are analyzed by the LLM.

sast-sqli