The Agent Skills Directory

[INDIRECT_PROMPT_INJECTION]: The skill reads and processes untrusted user data (research scripts and LaTeX files) to extract metadata. While this represents a theoretical injection surface where malicious comments in a script could influence the generated manifest, the risk is mitigated by the skill's specific parsing logic and the requirement for user review.
Ingestion points: Research scripts (.py, .R, .do, .jl, .m) and LaTeX documents (.tex) within the project path.
Boundary markers: None explicitly defined in the prompt for the output manifest.
Capability inventory: The skill utilizes Read, Write, Edit, Glob, and Grep tools to manage project documentation.
Sanitization: The skill implements a mandatory human-in-the-loop checkpoint, requiring the agent to show proposed changes and receive user confirmation via AskUserQuestion before performing any Write or Edit operations on existing script files.
[COMMAND_EXECUTION]: The skill uses standard search tools (Grep, Glob) to identify file patterns and content. It does not attempt to execute the scripts it analyzes or invoke arbitrary shell commands.
[DATA_EXPOSURE]: Analysis is restricted to the user-provided project directory. The skill does not access sensitive system directories, environment variables, or perform network operations to exfiltrate data.

pipeline-manifest