quarto-authoring
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Findings: NO_CODE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [No Code] (SAFE): The skill package consists entirely of 20 markdown files containing reference material and guides. No executable scripts, binaries, or configuration files that could trigger execution are present within the skill folder.
- [External Downloads] (LOW): The references/extensions.md file provides instructions for using the 'quarto add' command to install extensions from GitHub repositories. This facilitates the download and execution of third-party Lua filters. Although these are unverifiable sources, the severity is downgraded as this is a core intended functionality of the tool being documented.
- [Remote Code Execution] (LOW): The skill explains how to author code cells and use extensions. Quarto documents are designed to execute code in various languages (R, Python, Julia) and run Lua filters. This capability is inherent to the Quarto system.
- [Indirect Prompt Injection] (LOW): The skill describes features like '{{< include >}}' and '{{< embed >}}' that allow a document to ingest content from external files. Evidence Chain:
  1. Ingestion points: references/shortcodes.md (include/embed).
  2. Boundary markers: Absent.
  3. Capability inventory: references/code-cells.md (execution of R/Python/Julia), references/extensions.md (Lua filters).
  4. Sanitization: Absent.
Audit Metadata