inkos-multi-agent-novel-writing

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes user-defined markdown files such as outline.md, book_rules.md, and reference.txt to provide context and specific instructions to its LLM agents (Architect, Writer, and Auditor). This creates a surface for indirect prompt injection where malicious instructions within these files could manipulate agent behavior or attempt to bypass intended constraints.
    • Ingestion points: outline.md, book_rules.md, and reference.txt (SKILL.md).
    • Boundary markers: Absent in documentation; user-provided "Special Writer Instructions" are interpolated into the prompt logic (SKILL.md).
    • Capability inventory: Local file system access for project management, network access for LLM APIs, and external webhook triggers (SKILL.md).
    • Sanitization: No sanitization or safety validation of the input markdown content is described (SKILL.md).
  • [DATA_EXFILTRATION]: The skill manages sensitive API keys for OpenAI and GPTZero within a local configuration file (~/.inkos/config.json). It also features a webhook mechanism designed to send project events to an external URL, which could potentially be used for data exfiltration if the agent's behavior is manipulated via prompt injection.
  • [EXTERNAL_DOWNLOADS]: The installation process involves downloading the @actalk/inkos package from the NPM registry, which is a standard distribution method for Node.js-based tools.
  • [COMMAND_EXECUTION]: The skill operates as a CLI application providing various commands for project lifecycle management and includes a daemon mode for continuous background operations and task scheduling.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 03:56 AM