manuscript-review-council

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted external data (manuscripts in PDF, DOCX, or text format), which creates a surface for indirect prompt injection attacks where malicious instructions hidden in a manuscript could influence the reviewer agents or the final decision.
    • Ingestion points: Untrusted manuscript content is gathered in SKILL.md (Instruction 2) and normalized into a shared packet for reviewers as defined in references/council-workflow.md.
    • Boundary markers: The skill lacks explicit instructions or technical delimiters to ignore or escape instructions that might be embedded within the manuscript text, although it does provide a behavioral guardrail by instructing reviewers to ground criticisms only in the text or explicit missing information (Instruction 9).
    • Capability inventory: The skill utilizes powerful capabilities including agent delegation (spawning sub-agents or Task agents) and specialized analytical tools (/polars-dovmed, /bio-logic, /scientific-writing) to process and act upon the provided content.
    • Sanitization: There is no evidence of sanitization, filtering, or validation of the manuscript content before it is processed by the agent council.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 12, 2026, 02:58 AM