essay-pipeline
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE (flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The Atomic Write Protocol described in references/session-state-schema.md instructs the orchestrator to execute bash commands such as echo, cp, and mv to maintain session state. The use of variables like {session_dir} and $content within these commands creates a risk of command injection if the agent does not strictly sanitize the input values.
- [EXTERNAL_DOWNLOADS] (LOW): The fact-checking protocol in references/fact-check-tiers.md utilizes WebSearch and WebFetch tools to retrieve information from arbitrary external URLs. This constitutes a surface for downloading content from untrusted domains.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8). Evidence Chain:
  1. Ingestion points: Web content retrieved during fact-checking (references/fact-check-tiers.md) and user-provided essay samples (references/style-profile-template.md).
  2. Boundary markers: Absent; there are no specific delimiters or ignore-instructions warnings defined to isolate untrusted content.
  3. Capability inventory: Local file system manipulation via bash commands, web navigation, and content generation.
  4. Sanitization: Absent; the provided instructions do not specify any validation or escaping of external data before processing.
Audit Metadata