prompt-template-wizard
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user input from fields like `snippets_logs_payloads` and `desired_behavior`, which are then directly embedded into a final prompt template. This exposes the downstream agent that processes the template to indirect prompt injection risks.
- [PROMPT_INJECTION]: Ingestion points: User-provided text is ingested via the `snippets_logs_payloads`, `goal`, and `background_bullets` fields defined in `SKILL.md`.
- [PROMPT_INJECTION]: Boundary markers: The `Final Prompt Template` output does not use strong boundary markers or explicit instructions to treat user-provided input as untrusted data, increasing the likelihood of a downstream agent following embedded instructions.
- [PROMPT_INJECTION]: Capability inventory: The skill's primary purpose is to generate instructions for a code-generating agent (e.g., Codex or GPT-5.2), which typically has the capability to write and modify code.
- [PROMPT_INJECTION]: Sanitization: There is no evidence of sanitization, validation, or escaping of the user-provided strings before they are included in the final output template.