baoyu-infographic

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses bash commands (test -f) to check for the existence of configuration files (EXTEND.md) in both the project directory and the user's home directory ($HOME). This is standard behavior for managing user-level preferences.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface due to its core functionality.
      1. Ingestion points: User-provided content via file paths or direct text input (saved to source.md).
      2. Boundary markers: The base-prompt.md template uses simple placeholders ({{CONTENT}}) without explicit delimiters or instructions to ignore embedded commands.
      3. Capability inventory: Bash execution for environment checks, file writing operations, and invocation of external image generation skills.
      4. Sanitization: There is no evidence of sanitization or escaping of the user content before it is interpolated into the final generation prompt.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 01:05 AM