The Agent Skills Directory

[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the processing of external files.
Ingestion points: The skill ingests data from untrusted external sources, including PDF, DOCX, XLSX, and images, as well as transcripts from YouTube URLs via the markitdown library and OpenRouter API.
Boundary markers: No delimiters or "ignore embedded instructions" warnings are present in the scripts or the prompts used for content extraction.
Capability inventory: The skill has the Bash tool enabled and includes multiple Python scripts for batch processing and AI-enhanced conversion. It also has permissions to Read, Write, and Edit files.
Sanitization: There is no evidence of sanitization, validation, or filtering of the extracted text content before it is presented to the agent.
[COMMAND_EXECUTION]: The skill contains instructions and examples for executing local Python scripts.
Evidence: SKILL.md provides a command-line example for scripts/generate_schematic.py. However, this specific script is missing from the skill files, although other scripts like batch_convert.py and convert_literature.py are provided.
[EXTERNAL_DOWNLOADS]: The skill references and installs external software from well-known sources.
Evidence: The installation instructions in SKILL.md direct users to install the markitdown package from PyPI or clone it from Microsoft's official GitHub repository.
[DATA_EXFILTRATION]: The skill performs network operations to fetch data and process content via external APIs.
Evidence: The markitdown tool performs network requests to fetch YouTube transcripts. Additionally, scripts/convert_with_ai.py sends document data to the OpenRouter API (openrouter.ai) for image description generation.

markitdown