planning-with-files
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH | PROMPT_INJECTION | NO_CODE
Full Analysis
- [Prompt Injection] (LOW): The skill employs authoritative directives such as 'non-negotiable' and 'Core Rules' to rigidly define agent behavior and override default operational flexibility.
- [Metadata Poisoning] (MEDIUM): The content contains deceptive claims of a fictional Meta acquisition of 'Manus' in December 2025 for $2 billion to establish unearned authority and influence the agent's internal reasoning via social engineering.
- [Indirect Prompt Injection] (HIGH): The core workflow creates a Tier HIGH vulnerability surface by combining external data ingestion with file-writing capabilities.
  1. Ingestion points: Untrusted content from 'WebSearch' is explicitly stored in 'notes.md'.
  2. Boundary markers: Absent. No instruction delimiters or warnings are present to prevent the agent from obeying commands embedded in gathered research.
  3. Capability inventory: Significant file system access including 'Write' and 'Edit' operations for plan management and delivery.
  4. Sanitization: Absent. The skill lacks any instructions for filtering, validating, or escaping external content before integration into the agent context.
Recommendations
- AI detected serious security threats
Audit Metadata