baoyu-image-cards

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes user-provided content (e.g., articles, social media posts) to generate infographic outlines. It lacks explicit delimiters or instructions to ignore embedded commands within the processed data, creating a surface for indirect prompt injection where malicious input could influence agent behavior or image content. Evidence: (1) Ingestion point: User-supplied text or file paths in SKILL.md. (2) Boundary markers: Absent in analysis-framework.md and prompt-assembly.md. (3) Capability inventory: File system access (read/write), shell command execution (file checks), and invocation of image generation skills. (4) Sanitization: None specified for external content.
  • [COMMAND_EXECUTION]: The skill specifies shell and PowerShell commands in SKILL.md to check for the presence of the EXTEND.md configuration file in project and home directories. Although these commands are restricted to the skill's specific configuration paths, they constitute automated command execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 05:01 PM