course-generator

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill processes up to 100+ literature files, which constitutes a significant Indirect Prompt Injection surface.
    * Ingestion points: Literature files are read via the Glob tool as specified in Step 1 of SKILL.md.
    * Boundary markers: The outline_prompt.md template uses basic text headers (e.g., '文件ID', '内容') to delimit files, which provides minimal protection against adversarial content.
    * Capability inventory: The skill possesses the ability to read files (Glob) and create directories (Bash).
    * Sanitization: No explicit sanitization or validation of the AI-generated 'Course Name' is mentioned before it is passed to the shell for directory creation.
  • COMMAND_EXECUTION (LOW): The skill uses the Bash tool to create output directories. While the intended use (mkdir) is benign, the directory name is derived from AI-generated text based on untrusted inputs. This creates a minor risk of command injection if the LLM is manipulated into producing a name containing shell metacharacters.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 20, 2026, 12:30 PM