The Agent Skills Directory

[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data to generate instructions for subsequent AI tasks.
Ingestion points: Processes user-pasted text snippets (up to 5000 words) and local files in .txt, .md, and .epub formats as source material for style extraction (documented in SKILL.md).
Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the reference novels are defined for the analysis phase.
Capability inventory: The skill performs deep text analysis—including technique scanning, rhythm analysis, and word sampling—and generates new Markdown files (_总纲.md, 场景描写/*.md, 自检清单.md) which are then used by other components of the novel-writing system (novel-lite, novel-review).
Sanitization: There is no evidence of sanitization or filtering of the source text to prevent malicious instructions from being interpreted as style rules or quantity metrics during the extraction process.
[COMMAND_EXECUTION]: The skill includes instructions to read local files (.txt, .md, .epub) specified by the user. While the skill body explicitly states that it will not read files without user authorization, the capability to access the file system for content analysis is a core feature of the skill.

novel-style-extract