The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill possesses a vulnerability surface for indirect prompt injection through its ingestion of untrusted transcript data.
Ingestion points: Processes external .txt and *_linked.txt files provided by the user or external tools.
Boundary markers: Absent. The instructions do not specify delimiters or warnings to ignore instructions embedded within the transcript text.
Capability inventory: Access to Bash, Read, Write, Glob, and Grep tools, with the ability to write files to the $PODPILOT_DATA directory.
Sanitization: Absent. There is no evidence of filtering or escaping content extracted from transcripts before it is processed by the LLM or written to the file system.
[Command Execution] (SAFE): While the skill requests the Bash tool, its use-case is restricted to file management and text processing (Grep/Glob) within a defined data directory. No evidence of arbitrary command execution or shell piping from untrusted sources was found.

japanese-lesson