The Agent Skills Directory

General (SAFE): The skill does not contain any prompt injection, obfuscation, or data exfiltration attempts. Its behavior matches its stated purpose of designing microlessons.- Indirect Prompt Injection (INFO): The skill ingests untrusted data via the 'topic' and 'educational_level' parameters. Evidence: 1. Ingestion points: 'topic' and 'educational_level' in skill.py; 2. Boundary markers: Absent; 3. Capability inventory: No subprocess, file-write, or network calls; 4. Sanitization: Absent. The severity is INFO because the skill has no dangerous capabilities that could be triggered by malicious input.- Dynamic Execution (LOW): The script modifies sys.path to include a relative 'framework' directory. While this is dynamic path manipulation, it is a standard pattern for local skill development and does not incorporate untrusted external input.- Code Quality (INFO): A potential NameError exists in the artifacts list where 'skill_dir' is referenced but not defined in the scope. This is a functional bug rather than a security flaw.

learning-microlesson-designer