bio-workflow-methods-docwriter

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
    • Ingestion points: The script scripts/extract_nextflow_run.py reads data from trace.txt and the contents of shell scripts (e.g., .command.sh) from the Nextflow work directory.
    • Boundary markers: Absent. The templates/methods_report.md and templates/paper_summary.yaml files use standard interpolation (e.g., {{steps_block}}) without delimiters or instructions for the agent to ignore embedded commands within that data.
    • Capability inventory: The skill uses Python scripts to read/write local files and relies on the AI agent to summarize and format the extracted data into reports.
    • Sanitization: The scripts use yaml.safe_load and yaml.safe_dump to prevent YAML-based code execution, but they do not sanitize or filter the natural language content extracted from logs, which could contain malicious instructions meant to subvert the agent's behavior during report generation.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 05:19 PM