content-research-writer

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill architecture presents an indirect prompt injection surface because it is designed to ingest and process untrusted information from external research and user-provided text.
      * Ingestion points: User-authored drafts and external research findings extracted during the writing process (SKILL.md, Instructions section).
      * Boundary markers: There are no explicit instructions or delimiters defined to separate user/external content from the agent's system instructions.
      * Capability inventory: The skill relies on file system operations (outlining, drafting) and search tools, which could be misused if malicious instructions are processed.
      * Sanitization: The instructions do not specify any validation or filtering mechanisms for the data being processed.
  • [COMMAND_EXECUTION]: The documentation includes standard terminal commands for project initialization.
      * Evidence: Examples include mkdir, cd, and touch for setting up a local writing directory and initial draft file (SKILL.md, lines 36-41). These are non-privileged, benign operations intended for standard local file management.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 22, 2026, 03:02 AM
Security Audit — agent-trust-hub — content-research-writer