The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill defines a process for generating implementation plans that include shell commands and Python code based on external design inputs. This design pattern creates a vulnerability surface where malicious instructions in the input data could be incorporated into the generated plan and subsequently executed by other agents or skills. Evidence: 1. Ingestion points: The skill processes external design requirements and codebase context. 2. Boundary markers: No delimiters or instructions are provided to the agent to ignore embedded commands in the input design. 3. Capability inventory: The resulting plans contain pytest and git commands and functional Python code intended for execution via referenced skills like executing-plans. 4. Sanitization: There is no requirement for the agent to sanitize or validate the design content before including it in executable steps.

writing-plans