adversarial-review

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to ingest and analyze untrusted external data. Ingestion points: Data is imported via the Read, Grep, and Glob tools. Boundary markers: The instructions do not define delimiters or specific 'ignore' directives to prevent the agent from obeying instructions embedded in the analyzed code or PR content. Capability inventory: The skill has access to the Bash and Agent tools, providing a path for command execution or task delegation. Sanitization: No validation or escaping mechanisms are specified for the ingested content.
  • [COMMAND_EXECUTION]: The skill permits the use of the Bash tool to facilitate technical reviews. While this is a standard capability for engineering agents, its use in conjunction with untrusted input from external files increases the risk profile of the skill.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 07:00 PM