The Agent Skills Directory

[INDIRECT_PROMPT_INJECTION]: The skill processes external content from Coda documents (PRDs, roadmaps, etc.) which are ingested into the agent's context, creating a surface for indirect prompt injection.
Ingestion points: Content is retrieved through coda pages export and table data is extracted via coda export (documented in SKILL.md and coda-reference.md).
Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions to prevent the agent from executing commands or following directions embedded within the retrieved document content.
Capability inventory: The agent has the capability to execute the coda CLI tool, the uv package manager, and various shell scripts mentioned in digital-science-reference.md (check_rclone.sh, search_gdrive.sh, etc.).
Sanitization: There is no evidence of sanitization or validation of the retrieved text before it is processed by the agent.
[COMMAND_EXECUTION]: The skill is centered around the execution of a local CLI tool (coda) and several bash scripts. It includes instructions to install the tool from a local source path (~/aves/coda-cli) using the uv tool manager.

searching-documents-with-coda