The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs an agent to review sampled command output that may contain untrusted data from external sources.
Ingestion points: The agent reads sampled output from /tmp/output-review-livecheck.json and configuration from $CLI_DIR/research.json. If the CLI tool under review fetches content from the web, that content is processed by the reviewer agent.
Boundary markers: The prompt provides structure but lacks explicit instructions for the reviewer agent to disregard or escape any instructions that might be embedded within the sampled command output.
Capability inventory: The skill utilizes the Agent tool and has Bash access, meaning a successful injection could theoretically trigger further shell commands or agentic actions.
Sanitization: There is no evidence of sanitization or filtering of the sampled output before it is passed to the reviewer agent.

printing-press-output-review