skill-f-report-generator

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: Potential for indirect prompt injection (Category 8). The skill ingests external data fields such as product.name_cn and marketing.amazon_heat and interpolates them directly into Markdown reports without sanitization or boundary markers. If these inputs originate from untrusted sources (e.g., external crawlers), they could contain malicious instructions designed to influence downstream LLMs. This is identified as a vulnerability surface rather than an active exploit.
    • Ingestion points: input.product and input.marketing in report_generator.mjs.
    • Boundary markers: None identified in the report templates.
    • Capability inventory: File system writes via writeFileSync in orchestration scripts.
    • Sanitization: No escaping or validation of the content of string fields is performed before Markdown generation.
  • [COMMAND_EXECUTION]: The skill documentation and reference scripts facilitate the execution of local Node.js scripts for validation and report generation. These operations are limited to standard file system tasks (reading templates, writing results to the deliverables/ directory) and are consistent with the skill's stated purpose.
  • [DATA_EXPOSURE]: The skill reads and writes JSON files locally within the project scope. There is no evidence of access to sensitive system paths (e.g., SSH keys, environment variables) or unauthorized data exfiltration.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 02:24 PM