skills/kcchien/skills/crisp-reading/Gen Agent Trust Hub

crisp-reading

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches book metadata and text from well-known services like Project Gutenberg (via the Gutendex API) and Standard Ebooks. These are established repositories for public domain literature.
  • [COMMAND_EXECUTION]: The script scripts/extract-text.py uses controlled subprocess calls to interact with the Python environment or companion skills for document processing. Arguments are constructed from validated file paths.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it ingests and analyzes untrusted data from external documents.
      • Ingestion points: Text extraction from user-provided PDF/EPUB files or remote text downloads via scripts/extract-text.py.
      • Boundary markers: Absent. There are no explicit delimiters defined in the instructions to prevent instructions embedded within book content from influencing agent behavior.
      • Capability inventory: Subprocess execution for file processing and the generation of interactive HTML reports.
      • Sanitization: The rendering logic in scripts/render-report.py attempts to sanitize content using HTML escaping. However, a bypass exists: if the agent's output contains any tag from a list of permitted inline tags (like <strong>), the escaping logic is skipped for the entire string. This allows for potential Cross-Site Scripting (XSS) if the agent is manipulated into including malicious tags (like <script>) alongside permitted ones.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 03:09 PM