baoyu-infographic
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its content ingestion workflow.
  1. Ingestion points: Untrusted content is read from user-specified file paths or direct text pastes as described in Step 1.2 of SKILL.md.
  2. Boundary markers: Absent; the template in references/base-prompt.md interpolates the content directly without using delimiters or explicit instructions to the AI to ignore embedded directives.
  3. Capability inventory: The skill has the capability to write multiple files (analysis.md, structured-content.md, prompts/infographic.md) and call an external image generation skill.
  4. Sanitization: No sanitization or filtering is implemented; the skill explicitly follows a principle to preserve all source data verbatim, which would include any malicious instructions.
- [COMMAND_EXECUTION]: The skill uses local shell commands for environment configuration. Evidence: In Step 1.1 of SKILL.md, it executes 'test -f' to check for the presence of an EXTEND.md configuration file in both the local project directory (.baoyu-skills/baoyu-infographic/) and the user's home directory. This is used to load custom layout, style, and language preferences.