The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill directs the agent to ingest and analyze untrusted code from a repository, creating a potential vector for indirect prompt injection. Ingestion points: SKILL.md (Procedure Step 2) involves searching the repository for specific function patterns and consuming the results. Boundary markers: No delimiters or warnings to ignore embedded instructions within searched files are present. Capability inventory: The skill profile includes bash, node, and WP-CLI, which provide a broad execution environment for potential exploits. Sanitization: There are no instructions to sanitize or validate the content found in the repository before processing.

wp-abilities-api