The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill provides instructions to download external code and resources from the repository https://github.com/epoko77-ai/im-not-ai.git and a plugin from a third-party fork (humanize-korean@epoko77-ai-plugins). These are used for the initial setup and expansion of the skill's capabilities.
[COMMAND_EXECUTION]: The documentation in SKILL.md mentions the execution of a shell script (./scripts/install.sh) during the installation process. It also utilizes commands like /humanize and /humanize-redo which perform file system operations, specifically reading user inputs and writing results to a local _workspace/ directory.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) as it is designed to ingest and process untrusted text provided by the user.
Ingestion points: Untrusted data enters the agent's context in SKILL.md through direct text input or file paths provided to the /humanize command.
Boundary markers: The instructions in SKILL.md do not specify any delimiters or safety warnings to prevent the agent from being influenced by instructions embedded within the user-provided text.
Capability inventory: The agent has permissions (as described in SKILL.md) to read local files and write output files to the _workspace/ directory, which could be exploited if an injection occurs.
Sanitization: There is no evidence in SKILL.md of input validation or sanitization being applied to the text before it is processed by the rewriting agents.

humanize-korean-ai-text