The Agent Skills Directory

[PROMPT_INJECTION] (LOW): Indirect Prompt Injection vulnerability surface detected. The skill is designed to ingest and process project requirements from external files, which could contain malicious instructions. Evidence Chain: 1. Ingestion points: The skill reads project data using the Read, Grep, and Glob tools defined in SKILL.md. 2. Boundary markers: Absent; there are no instructions to the agent to ignore or delimit embedded commands within analyzed requirements. 3. Capability inventory: The agent can modify files using Write and Edit and manage persistent state via memory_store as defined in SKILL.md. 4. Sanitization: None observed in the provided instructions.
[COMMAND_EXECUTION] (LOW): The skill utilizes local shell hooks (pre and post) in SKILL.md for logging and state management. These hooks use shell expansion (date +%s) and reference environment variables ($TASK). While intended for lifecycle management, execution of shell commands with project-specific variables represents a standard but note-worthy capability surface.

sparc-specification