developmental-band-translator
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted external data (`kud_json`, `lts_json`, `band_schema`) that is directly interpolated into the agent's context. While the skill has no dangerous capabilities like network access or file writing, a malicious payload inside a curriculum file could attempt to manipulate the tagging rationales or the resulting classification.
  - Ingestion points: Processes data from `kud_json`, `lts_json`, `progression_structure_json`, `band_schema`, and `criterion_bank_json` (found in SKILL.md).
  - Boundary markers: The skill uses standard `{{variable}}` interpolation without explicit security delimiters or "ignore previous instructions" warnings for the untrusted content.
  - Capability inventory: The skill is limited to text analysis and JSON generation; it does not perform subprocess calls, file writes, or network operations.
  - Sanitization: No explicit sanitization of input strings or JSON structures is performed within the skill, although the documentation notes an assumption that an upstream "harness" has validated the inputs.
Audit Metadata