pandoc
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is susceptible to indirect prompt injection via the markdown files it processes. Pandoc supports arbitrary code execution through LaTeX headers (header-includes) and Lua filters.
  - Ingestion Points: Markdown files provided as input to Pandoc conversions.
  - Boundary Markers: None; content is processed directly by Pandoc.
  - Capability Inventory: Ability to run pandoc, which can execute LaTeX and Lua, as well as python3 and make.
  - Sanitization: The validate.py script performs structural checks but lacks sanitization for dangerous LaTeX commands or Pandoc filters.
- EXTERNAL_DOWNLOADS (LOW): The skill contains instructions to download citation styles from an external source.
  - Evidence: snippets.md contains curl commands pointing to raw.githubusercontent.com.
  - Trust Status: Source is a trusted GitHub repository, so the finding is downgraded to LOW per [TRUST-SCOPE-RULE].
- COMMAND_EXECUTION (MEDIUM): The skill automates the setup of executable scripts and encourages running shell commands.
  - Evidence: Makefile target setup uses chmod +x on scripts/validate.py. conversion_guide.md and snippets.md provide numerous shell commands for the agent to execute.
Recommendations
- AI detected serious security threats