blog-04-image-prompt
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Detected vulnerability surface for Indirect Prompt Injection (Category 8).
  - Ingestion points: Processes external blog content or file paths via the $ARGUMENTS variable in SKILL.md.
  - Boundary markers: Absent; input is not delimited or encapsulated to prevent embedded instruction overrides.
  - Capability inventory: Limited to reading the provided input and writing a markdown file to a local temporary directory (._tmp/images/). No network exfiltration, arbitrary command execution, or sensitive file access capabilities were found.
  - Sanitization: No validation, escaping, or filtering of the external input content is performed.
  - Risk: A malicious source file could attempt to hijack the agent's logic to change the output prompt, though the impact is strictly limited to the local output file.