NYC

personal-material-search

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The execution flow explicitly directs the agent to use the 'Grep' tool to search a CSV database. This creates a risk of command injection if the search keywords extracted from user input (Step 1 and 2) are not properly sanitized before being passed to the shell. An attacker could provide a query designed to execute arbitrary system commands (e.g., using semicolons or backticks).
  • [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
    • Ingestion points: The agent reads and processes records from a 'CSV database' containing over 1800 entries (SKILL.md, Step 3).
    • Boundary markers: Absent. There are no instructions to use delimiters or to disregard instructions found within the material library.
    • Capability inventory: The agent can execute system commands (grep), read files, and generate rewritten content for the user based on the found materials (SKILL.md, Step 3 & 4).
    • Sanitization: Absent. While the skill mentions 'de-identification' for privacy, it does not include measures to sanitize the content for malicious instructions that could hijack the agent's logic during the '整理和改写' (Organization and Rewriting) phase.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:52 AM