blog-trend-researcher

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (category: PROMPT_INJECTION)
Full Analysis
  • Indirect Prompt Injection (MEDIUM): The skill is designed to ingest data from untrusted external sources which could contain malicious instructions meant to subvert the agent's behavior or poison the generated research findings.
  • Ingestion points: Phase 2 (Multi-Source Research) explicitly lists "Web Search" and "Community: Forums, discussions, Q&A sites" as data sources (found in SKILL.md).
  • Boundary markers: The instructions lack specific delimiters or "ignore embedded instructions" warnings for the agent when processing these external sources.
  • Capability inventory: The skill has the capability to write structured data to a local workspacePath in the form of research-findings.json and research-notes.md.
  • Sanitization: There is no evidence of sanitization or escaping mechanisms for the external content before it is interpolated into the final output files.
  • Data Exposure (LOW): The input requirements template exposes a specific local directory structure (/d/project/tuan/blog-workspace/). While not a credential, it reveals information about the host file system that could be used in targeted attacks.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 10:59 PM