The Agent Skills Directory

[COMMAND_EXECUTION]: The skill's primary instruction file, SKILL.md, includes an example command for generating figures using uv run. This directs the agent to execute a Python script from a local directory (~/.codex/skills/inno-figure-gen/scripts/generate_image.py), which is a form of shell command execution.
[PROMPT_INJECTION]: The skill is designed to process external, untrusted scientific manuscripts while providing instructions for shell-based tool usage, creating a vulnerability to indirect prompt injection.
Ingestion points: The agent is instructed to evaluate manuscripts provided as user input in SKILL.md.
Boundary markers: The instructions do not specify any markers (like XML tags or delimiters) to separate the manuscript content from the agent's instructions, nor do they advise the agent to ignore potentially malicious embedded content.
Capability inventory: The skill documentation in SKILL.md explicitly encourages the use of uv run to execute shell commands for figure generation.
Sanitization: The skill lacks any guidance for the agent to sanitize or validate manuscript-derived strings (such as titles or methodology summaries) before using them as arguments in the suggested shell command.

paper-reviewer