The Agent Skills Directory

[PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes untrusted external content from file paths or URLs. Ingestion points: the skill accepts a file-path-or-url argument in SKILL.md. Boundary markers: The skill instructions do not explicitly define delimiters to separate document content from agent instructions. Capability inventory: The skill has access to Bash, Read, Write, Edit, Grep, and Glob tools. Sanitization: No sanitization or validation of the external content is mentioned. Despite the presence of this attack surface, no malicious instructions or bypass patterns were found in the skill itself.- [COMMAND_EXECUTION]: The skill identifies Bash and file manipulation tools as allowed in the frontmatter. These tools are used for document management tasks such as chunking and reading files. No evidence of malicious shell commands, unauthorized privilege escalation, or persistence mechanisms was detected in the content.- [EXTERNAL_DOWNLOADS]: The skill processes URLs for summarization purposes. Analysis shows that the skill retrieves text content for processing rather than downloading and executing remote scripts or binaries. No patterns of remote code execution or exfiltration were found.

very-long-text-summarization