rsvp-comprehension-agent

Warn

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The file hooks contains a directory traversal string (../../hooks). This pattern indicates an attempt to reference or access directories outside the skill's defined scope, which could potentially expose sensitive system information or configuration files located in parent directories.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface due to its handling of external data for session management and quiz generation.
      ◦ Ingestion points: The skill reads JSON token streams using the Read tool as defined in SKILL.md.
      ◦ Boundary markers: There are no instructions or delimiters specified to isolate the untrusted token stream content from the agent's instructions, nor are there warnings to ignore embedded commands.
      ◦ Capability inventory: The agent is granted access to the Bash, Read, and Write tools, which provides a significant capability tier that could be exploited via malicious content in the processed data.
      ◦ Sanitization: The skill instructions do not specify any validation, filtering, or escaping of the token stream content before it is processed by the model for comprehension checks.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 3, 2026, 06:09 PM