briefing-note-expert

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW

PROMPT_INJECTION

Full Analysis
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core function of synthesizing external data into reports.
    - Ingestion points: Untrusted content is ingested from the input.json file as specified in the README documentation.
    - Boundary markers: No delimiters or instructions to ignore embedded prompts are documented for the input fields like background or analysis.
    - Capability inventory: The skill is restricted to generating Markdown documents in a local Reports/ directory; it lacks network access, arbitrary command execution, or other high-privilege side effects.
    - Sanitization: While structural validation is performed via JSON schema (validators.py), there is no evidence of natural language sanitization for the data processed into the final briefing note.

Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 04:25 AM