The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes user-generated or externally-sourced Markdown and JSON files from a specified project directory to compile reports. This creates a surface for indirect prompt injection where malicious instructions embedded in these files could potentially influence the agent's behavior if it parses the content during the compilation workflow.
Ingestion points: Markdown files in folders like research/, specifications/, and analysis/, as well as citation data in *.citations.json files.
Boundary markers: Absent. The skill merges content from various files into a single document without using specific delimiters to isolate potentially untrusted content from agent instructions.
Capability inventory: The skill has file reading/writing capabilities and executes shell commands via subprocess.run (calling Pandoc and LaTeX).
Sanitization: The compilation script performs basic formatting (removing YAML frontmatter and demoting headers) but does not sanitize prose content for instruction-like patterns or malicious injection strings.
[COMMAND_EXECUTION]: The script scripts/compile_report.py uses subprocess.run to invoke external system utilities, specifically pandoc and xelatex, for document conversion. While arguments are passed as a list to mitigate basic shell injection, the skill relies on the execution of these system-level tools for its primary functionality.

report-generation