skills/clearsmog/claude-skills/qa/Gen Agent Trust Hub

qa

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes Bash and Task tools to perform document compilation and rendering for .tex, .qmd, and .typ files. This process inherently executes logic defined within the audited documents, which could lead to arbitrary command execution if the files contain malicious macros or escape sequences.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted document content within an iterative feedback loop between 'critic' and 'fixer' agents.
      • Ingestion points: Untrusted data enters the agent context via the Read tool, which accesses files provided through the [filename] argument.
      • Boundary markers: The skill lacks delimiters or explicit instructions to ignore embedded commands within the processed documents.
      • Capability inventory: The skill possesses powerful capabilities including Bash, Task, Write, and Edit tool access.
      • Sanitization: No sanitization or validation of the document content is performed before it is read by agents or passed to system compilers.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 01:15 AM