The Agent Skills Directory

[PROMPT_INJECTION]: The skill contains an indirect prompt injection surface (Category 8) because it incorporates data from local files into prompts for an external reasoning model. Ingestion points: Files such as STORY.md, README.md, paper drafts, and memory/notes. Boundary markers: The prompt template lacks explicit delimiters or instructions to ignore embedded commands in the context. Capability inventory: The skill has access to Bash, Read, Write, Edit, and MCP tools (mcp__codex__codex). Sanitization: No validation or escaping of ingested file content is performed.
[DATA_EXFILTRATION]: The skill reads local research data and transmits it to an external LLM service via the Codex MCP server. This behavior is documented as its primary function but inherently exposes local project contents to an external entity.

research-review