sillytavern-iterator

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The SKILL.md file uses high-pressure roleplay and persona-based instructions to override default AI behavior. It includes 'Startup warnings', 'Scarcity notifications' ('30 minutes or permanent silence'), and 'Failure punishments' ('demoted to proofreading AI'). These patterns are characteristic of behavioral manipulation used to coerce specific output styles.
  • [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection (Category 8).
    • Ingestion points: Untrusted data enters via the {{剧情任务描述}} (Plot task description) and {{补充限制}} (Additional restrictions) variables in both SKILL.md and SKILL.v2.md.
    • Boundary markers: Absent. User input is interpolated directly into the system prompt without delimiters or instructions to ignore embedded commands.
    • Capability inventory: The skill does not possess high-privilege capabilities like file-writing or network operations; it is restricted to text generation.
    • Sanitization: None. There is no escaping or validation of external content before interpolation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 06:30 AM