skills/verekia/r3f-gamedev/koota/Gen Agent Trust Hub

koota

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill contains a direct instruction for the agent to fetch documentation from an external URL (https://raw.githubusercontent.com/pmndrs/koota/refs/heads/main/README.md) when 'setting up or undertaking important changes'. This introduces a risk where malicious instructions embedded in the remote markdown file could hijack the agent's task.
      • Ingestion points: SKILL.md (instruction to fetch external README).
      • Boundary markers: Absent; there are no delimiters or instructions provided to the agent to treat the fetched content as data rather than instructions.
      • Capability inventory: The fetched content directly influences the agent's reasoning and code generation capabilities ('undertaking important changes').
      • Sanitization: Absent; the content is ingested without validation or filtering.
  • [External Downloads] (LOW): The skill relies on external content from the pmndrs GitHub organization. While this organization is prominent in the React community, it is not included in the 'Trusted External Sources' list, making the source unverified for this security context.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 05:38 AM