project-deck

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from project logs and focus reports to generate output.
  • Ingestion points: Project context files, including progress logs, current focus summaries, and recent work history, are read into the agent's context during the initial workflow step (SKILL.md).
  • Boundary markers: The instructions do not specify any delimiters or safety markers to isolate project data from the agent's instructions, nor do they include warnings to ignore embedded commands within the logs.
  • Capability inventory: The skill uses Read, Write, and Edit tools, along with Bash for LaTeX compilation (latexmk, xelatex, pdflatex), allowing for file manipulation and document generation based on the ingested content.
  • Sanitization: There is no mention of sanitizing or validating the external text data before it is interpolated into the deck generation process or passed to LaTeX compilation tools.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 06:19 PM