thematic-doc-generator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (SAFE): The skill utilizes Bash and Task tools to coordinate a multi-agent pipeline and perform local file operations. These capabilities are necessary for the skill's primary function of generating and assembling a large-scale documentation project.
  • EXTERNAL_DOWNLOADS (LOW): The skill integrates with the fal-text-to-image skill and fal.ai services to generate and download thematic visual assets. While these are external dependencies, they are core to the stated visual enhancement features.
  • PROMPT_INJECTION (LOW): The skill exhibits an Indirect Prompt Injection (Category 8) surface where user-provided inputs are interpolated into sub-agent instructions without sufficient isolation.
      • Ingestion points: The topic and theme parameters in config.json are used across multiple prompt templates.
      • Boundary markers: Absent. The prompt templates (e.g., prompts/chapter-orchestrator.md) directly interpolate variables without using delimiters or specific 'ignore instructions' warnings for the sub-agents.
      • Capability inventory: Sub-agents can generate technical code and write files, providing a potential path for an attacker to influence the output content if they control the topic input.
      • Sanitization: No sanitization or validation of the technical topic or theme strings is performed before interpolation.
  • COMMAND_EXECUTION (LOW): The README.md and illustrator.md files suggest the execution of external shell scripts (e.g., ./scripts/validate-config.sh) and skill commands. These scripts are missing from the provided package; their described use is consistent with a developer's automation workflow, but their actual behavior cannot be verified.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:15 PM