The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill is designed to analyze user-provided codebases, which serves as an untrusted data ingestion point.
Ingestion points: Uses Glob, Grep, and Read tools on files within a provided project path (e.g., in SKILL.md and scripts/react_performance_checker.py references).
Boundary markers: The instructions do not define clear delimiters or include warnings for the agent to ignore embedded instructions in the analyzed code.
Capability inventory: The skill allows the use of Bash, Write, and Edit tools, which could be misused if an attacker embeds malicious instructions in the code being reviewed.
Sanitization: No evidence of content sanitization or validation before processing user-provided code.
Unverifiable Dependencies (SAFE): SKILL.md references an automated audit script (scripts/react_performance_checker.py) that is not included in the provided files. While this creates an unverifiable capability, it appears to be a documentation oversight rather than a malicious trap.

react-best-practices