report-template-generator

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH | PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill lacks security constraints while requesting tools with significant system impact.
      ◦ Ingestion points: The skill activates on and processes user-supplied requests and data concerning "report template generator" patterns (SKILL.md).
      ◦ Boundary markers: Absent. There are no instructions to the agent to distinguish between its own logic and data-embedded instructions.
      ◦ Capability inventory: The skill is granted Bash, Write, and Edit tools (SKILL.md YAML), allowing for arbitrary code execution and file system modification.
      ◦ Sanitization: No sanitization, validation, or escaping protocols are mentioned for the data analytics inputs or generated outputs.
  • Command Execution (MEDIUM): The explicit request for Bash and Write capabilities for a template generation task grants more privilege than the task needs, contrary to the principle of least privilege, and increases the potential impact of any successful injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 12:00 AM