blog-planner

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface (Category 8), as it is designed to ingest and process data from the user and local workspace files to generate blog proposals.
      • Ingestion points: The skill reads multiple local files such as docs/ブランド/ブランド・マニフェスト.md and develop/blog/context.md (specified in prompts/01-reference.md) and implicitly processes user-provided blog ideas.
      • Boundary markers: The prompt templates in prompts/01-reference.md through prompts/05-confirm.md lack explicit delimiters or 'ignore' instructions for the content being read.
      • Capability inventory: The agent is restricted to Read, Grep, Glob, and AskUserQuestion, which prevents destructive actions or remote execution.
      • Sanitization: No evidence of escaping or validation of ingested content was found in the prompt logic.
    Evidence of vulnerability surface is present across the prompts/ directory files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 04:32 AM