The Agent Skills Directory

[PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection through its toolset.
Ingestion points: The WebFetch tool allows the agent to ingest untrusted data from external websites.
Boundary markers: Absent; the instructions do not define delimiters or warnings to ignore instructions embedded in fetched data.
Capability inventory: The skill possesses the Bash tool (with python and npm access), along with Write and Edit, which could be exploited to execute code or modify the file system if the agent is manipulated by malicious external content.
Sanitization: Absent; no sanitization or validation of external content is mentioned.

pixel-art-infographic-creator