research-synthesis

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill uses authoritative directives like 'Iron Law' and 'MANDATORY' to strictly control agent behavior and enforce a research-first sequence, which could override user intentions.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
      • Ingestion points: Untrusted data enters the agent context through mcp__Exa__web_search_exa and WebFetch in SKILL.md.
      • Boundary markers: The instructions recommend short summaries and URL references but lack formal isolation or 'ignore instructions' delimiters for external content.
      • Capability inventory: It has the power to write reports via the Write tool and is explicitly designed to influence code-generating 'creator' skills.
      • Sanitization: No filtering, validation, or escaping of external content is specified before it is incorporated into design decisions.
  • [COMMAND_EXECUTION]: SKILL.md contains JavaScript snippets in 'Step 0' that use require() to load local modules from the .claude/ directory, such as internal-rag.cjs. This encourages the agent to execute script logic directly from markdown documentation, which could be a vector for unintended code execution.
  • [EXTERNAL_DOWNLOADS]: The skill identifies and fetches data from external sources via WebFetch and the Exa search tool. While intended for research purposes, accessing unverified remote URLs creates an attack surface for malicious content ingestion or metadata harvesting.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 04:25 PM