paper-revision

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted reviewer feedback provided in the $0 argument and explicitly instructs the agent to address every concern without exception. This configuration is susceptible to indirect prompt injection, where an attacker-controlled reviewer comment could contain malicious instructions designed to hijack the agent's behavior or abuse the capabilities of connected skills like experiment-code.
  • Ingestion points: Reviewer feedback ($0) in SKILL.md.
  • Boundary markers: Absent; untrusted data is directly interpolated into prompts in references/revision-prompts.md.
  • Capability inventory: Integration with experiment-code, figure-generation, and self-review skills.
  • Sanitization: No evidence of input validation or sanitization.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 07:28 AM