webnovel-plan

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands (bash) to perform environment setup and project management. It executes local Python scripts (webnovel.py and reference_search.py) from the plugin's internal directory to query and update project states.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it reads untrusted data from the user's web novel project to guide its planning logic. Instructions embedded within story files could influence the agent's behavior during the outline generation process.
      • Ingestion points: In SKILL.md, the skill reads project configuration (state.json), the master outline (总纲.md), and various setting files (设定集/*.md).
      • Boundary markers: No specific boundary markers or "ignore previous instructions" warnings are used to separate user data from agent instructions.
      • Capability inventory: The agent can execute shell commands, run local Python scripts, and modify files within the project workspace.
      • Sanitization: There is no evidence of input validation or sanitization for the content ingested from the project files.
  • [COMMAND_EXECUTION]: The skill uses python -c snippets in SKILL.md to dynamically parse JSON data from project files. While used for legitimate state extraction (e.g., retrieving the 'genre' field), this involves runtime execution of code derived from file paths.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 11:44 AM