research-writing

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE | PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is a collection of static text templates and does not possess executable scripts or dependencies. Analysis found no hardcoded credentials or unauthorized network exfiltration.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by ingesting external data via template placeholders.
      • Ingestion points: Untrusted text is processed through variables like {{PAPER_CONTENT}}, {{CHINESE_DRAFT}}, and {{original_text}} across all 30 templates in SKILL.md.
      • Boundary markers: Some templates use XML-style tags for data isolation, while others rely on direct string interpolation.
      • Capability inventory: The skill has no access to tools, file system operations, or network requests.
      • Sanitization: No input filtering or instruction-ignoring logic is implemented in the prompt templates.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 22, 2026, 04:50 PM