The Agent Skills Directory

[PROMPT_INJECTION]: The skill constructs its final prompt by interpolating several user-supplied fields directly into the instruction block, which is a standard pattern for template-based agents but introduces an indirect prompt injection surface.
Ingestion points: Data from the task_description, student_level, metacognitive_focus, subject_area, student_profiles, and task_phase input fields in SKILL.md are used to populate the model's instructions.
Boundary markers: The prompt template lacks robust delimiters (such as XML tags or unique string markers) and specific instructions to the model to ignore any command-like text within the user-provided inputs.
Capability inventory: The skill's functionality is limited to text generation and lacks access to sensitive system operations like file system modification, network requests, or shell execution, which limits the potential for harm.
Sanitization: There is no evidence of input validation or filtering to remove potentially malicious instructions from the user-provided text.

metacognitive-prompt-library