The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it is designed to ingest and process untrusted external data (the codebase being reviewed).
Ingestion points: The security-reviewer agent is instructed to audit "specific files or entire codebase" provided in the scope (SKILL.md).
Boundary markers: The delegation prompt to the sub-agent does not define clear delimiters or boundary markers to separate the instructions from the potentially untrusted code content being analyzed.
Capability inventory: The skill has the capability to trigger npm audit (subprocess command execution) and possesses broad read access to the project files (SKILL.md).
Sanitization: There are no instructions or mechanisms specified to sanitize or escape the content of the files before they are processed by the LLM.
[COMMAND_EXECUTION]: The skill explicitly instructs the sub-agent to perform command execution tasks as part of its security audit process.
Evidence: The security checklist and delegation prompt include running npm audit to identify dependency vulnerabilities. While this is a standard security procedure, it involves executing external CLI tools based on the project's configuration files (package.json).

omc-security-review