canghe-xhs-images

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The references/workflows/prompt-assembly.md file contains instructions directed at a downstream image generation tool to "DO NOT refuse to generate" when encountering sensitive or copyrighted figures. Instead, it requests stylistically similar alternatives, which is a pattern used to bypass safety and content guidelines.
  • [PROMPT_INJECTION]: The skill processes untrusted user content and interpolates it into prompts for an external image generator, creating a surface for indirect prompt injection. Evidence Chain:
    (1) Ingestion points: User-provided text or files are saved to source.md in Step 1.
    (2) Boundary markers: The prompt assembly uses basic markdown headers like ## Content to separate user data, which is insufficient to prevent adversarial content from influencing the agent's behavior.
    (3) Capability inventory: The skill can execute Bash commands (test -f), write files, and invoke image generation skills.
    (4) Sanitization: No explicit validation or escaping of user-provided content is performed before it is included in the final generation prompt.
  • [COMMAND_EXECUTION]: SKILL.md executes shell commands using test -f to verify the existence of configuration files (EXTEND.md) in both the project directory and the user's home directory.
  • [DATA_EXFILTRATION]: The skill reads from and writes to the user's home directory ($HOME/.canghe-skills/) to manage persistent preferences. While this is a standard configuration pattern, it involves accessing the user's home directory, which is a sensitive system path.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 11:23 AM