The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill possesses a vulnerability surface for indirect prompt injection by ingesting untrusted data and having file-writing capabilities.\n- Ingestion points: Untrusted data enters the agent context in SKILL.md (Step 1) via user-provided text and URLs fetched through the web_fetch tool.\n- Boundary markers: No delimiters or 'ignore embedded instructions' warnings are present to isolate user-provided content from the system logic.\n- Capability inventory: The skill performs network reads (web_fetch) and writes generated outlines to the content-ideas/ local directory.\n- Sanitization: No escaping, validation, or filtering of external content is performed before processing.

content-ideas-generator