NYC

deep-research

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process untrusted data from multiple external and user-controlled sources, creating a surface for indirect prompt injection.
  • Ingestion points: User-provided templates or example reports (Step 1), external evidence collected via the deepresearch tool (Step 3), and external AI outputs provided for merging (Step 9).
  • Boundary markers: Absent. The instructions do not specify the use of delimiters (e.g., XML tags or triple quotes) or 'ignore embedded instructions' warnings when passing this data to subagents.
  • Capability inventory: The skill utilizes a Task tool to spawn subagents and performs file-system write operations to save intermediate and final drafts.
  • Sanitization: No sanitization or validation logic is present. The 'UNION merge' strategy (Step 7) explicitly instructs the agent to keep all unique findings from all versions, which could include malicious instructions embedded in the source data.
  • [Dynamic Execution] (LOW): The skill dynamically generates prompts for parallel subagents using the Task tool (Step 6). While this is a standard agentic workflow, the prompts incorporate potentially untrusted data from the 'report spec' and 'evidence table' generated in earlier steps.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 05:03 PM