The Agent Skills Directory

[SAFE]: The skill includes several bash scripts in the scripts/ directory, such as scamper-prompts.sh and swot-template.sh. These scripts are secure, static wrappers that use heredocs to output markdown templates to the terminal without downloading external content or executing dynamic code.
[SAFE]: The skill identifies a potential surface for indirect prompt injection as it ingests untrusted data via WebSearch and WebFetch to perform its primary function. However, this risk is inherent to its purpose as a research tool and is mitigated by the use of structured output templates and instructions to cite all sources.
[SAFE]: The execution contract follows security best practices by restricting the agent from writing to the skill's own directory and requiring explicit explanations if any tool dependencies or credentials are unavailable, preventing silent failures or unsafe fallback attempts.

inno-idea-generation