baoyu-infographic

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Bash shell commands (test -f) in Step 1.1 to detect the presence of configuration files (EXTEND.md) in both the project directory and the user's home directory ($HOME/.baoyu-skills/). While these specific commands are low-risk and used for environment setup, they involve spawning a shell to interact with the filesystem.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data and interpolates it into instructions for another AI tool.
    • Ingestion points: The skill reads content from a user-specified file path or direct paste, saving it to source.md (Step 1.2).
    • Boundary markers: The prompt template defined in references/base-prompt.md lacks clear delimiters (like XML tags or triple quotes) or specific 'ignore embedded instructions' warnings around the {{CONTENT}} variable.
    • Capability inventory: The skill has the ability to write multiple files to the local filesystem and invoke an external image generation skill using the generated prompt.
    • Sanitization: No sanitization, filtering, or escaping is performed on the user content. The skill explicitly follows a 'verbatim' rule, mandating that all source data be preserved exactly as provided, which could allow malicious instructions hidden in the source text to influence the image generator.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 01:05 PM