The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill has a surface for indirect prompt injection as it processes external stakeholder data and environment variables.
Ingestion points: Untrusted data enters the context through the $TASK environment variable and stakeholder requirement inputs described in the documentation.
Boundary markers: No delimiters or "ignore instructions" warnings are used to separate external data from the system prompts or templates.
Capability inventory: The skill has access to file system tools (Read, Write, Edit, Grep, Glob) and the ability to execute shell hooks.
Sanitization: There is no evidence of sanitization, escaping, or validation of inputs before they are processed or interpolated into commands.
[Command Execution] (LOW): The skill uses shell hooks that interpolate variables directly into commands.
Evidence: The pre hook in SKILL.md executes memory_store "spec_start_$(date +%s)" "Task: $TASK". The direct interpolation of $TASK into the shell environment could allow command injection if the variable contains subshell execution patterns (e.g., $(...)) and is not sanitized by the execution host.

sparc-specification