sprint-pretty-html
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8). It ingests untrusted data from sources such as Slack dumps or Linear exports and interpolates this content into an HTML template.
- Ingestion points: The workflow in SKILL.md identifies "raw sprint plan (HTML, markdown, Slack dump, Linear export)" as the primary data source.
- Boundary markers: There are no instructions for the agent to use delimiters or ignore embedded instructions within the ingested data.
- Capability inventory: The skill writes to the local file system (sprint-dag-*.html) and the instructions suggest using the open command to view the generated file.
- Sanitization: assets/template.html uses innerHTML to render the extracted title, sub, and person data points. If the input data contains malicious script tags, they will be executed when a user opens the resulting HTML file.
- [EXTERNAL_DOWNLOADS]: The skill's HTML template fetches font assets from Google Fonts, a well-known service. This network operation is limited to visual styling and does not involve sensitive data access or executable code download.
Audit Metadata