code-review
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill processes feedback from external reviewers, which is untrusted data.
  1. Ingestion points: External reviewer feedback mentioned in the Receiving Feedback section (SKILL.md).
  2. Boundary markers: Absent; no specific delimiters or instructions to ignore embedded commands in feedback are provided.
  3. Capability inventory: Use of git rev-parse, grep, and arbitrary verification commands (SKILL.md).
  4. Sanitization: Absent; the protocol focuses on technical verification but does not include sanitization of the input text.
- Dynamic Execution (MEDIUM): The Verification Gates protocol instructs the agent to 'IDENTIFY command -> RUN full command' based on the project state. This logic could be exploited if an attacker can influence the identification process via malicious project files or deceptive feedback, leading to the execution of unintended commands.
Audit Metadata