The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the Bash tool to autonomously execute compilation commands such as typst compile and metadata queries like typst query as part of its verification phase.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. (1) Ingestion points: Phase 0 automatically scans and reads project materials including *.pdf, *.md, and *.typ files to gather context and style inheritance. (2) Boundary markers: There are no explicit delimiters or 'ignore embedded instructions' warnings provided for the ingested data. (3) Capability inventory: The skill possesses Bash, Write, and Edit tools, and it is capable of generating and executing Python scripts. (4) Sanitization: No sanitization, escaping, or validation of the external project content is mentioned before it is used to draft new documents.
[REMOTE_CODE_EXECUTION]: The workflow involves generating and executing Python scripts for data-driven visualizations using libraries like Matplotlib or Plotly. This dynamic code generation and execution, particularly when based on data derived from potentially untrusted project files, poses a security risk.

create-document