The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the user and processes it into an output format.
Ingestion points: The skill reads 'Problem Description' and 'Python code' provided by the user (as described in SKILL.md).
Boundary markers: There are no explicit instructions to use delimiters or ignore embedded instructions within the ingested data.
Capability inventory: The skill has the capability to write a local HTML file (famou_viz_result.html).
Sanitization: There are no explicit instructions for sanitizing or escaping content extracted from the Python code before it is interpolated into the HTML template, which could lead to Cross-Site Scripting (XSS) if the user provides malicious input.
[EXTERNAL_DOWNLOADS]: The skill generates HTML that relies on external resources from well-known services.
Evidence: The template in SKILL.md references React, Babel, and Tailwind CSS via Cloudflare's CDN (cdnjs.cloudflare.com) and Tailwind's CDN (cdn.tailwindcss.com), as well as Google Fonts. These are established, well-known services used for UI rendering.

famou-result-visualization