The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes user-supplied information within its core logic.\n- [PROMPT_INJECTION]: Ingestion points: Data is ingested through variables such as 'lesson_content', 'student_level', and 'student_profiles' in SKILL.md.\n- [PROMPT_INJECTION]: Boundary markers: The skill lacks delimiters (e.g., triple quotes, XML-style tags) to separate user input from system instructions, creating a risk that input could be interpreted as a command.\n- [PROMPT_INJECTION]: Capability inventory: No dangerous capabilities were identified; the skill has no access to tools, network operations, or file system modifications.\n- [PROMPT_INJECTION]: Sanitization: No sanitization or validation mechanisms are implemented for the interpolated user variables.

perma-based-lesson-designer