tw-edu-school-document

Warn

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a Python script (scripts/generate_school_doc.py) with arguments derived from user input (--subject, --content, --author, --school). This pattern creates a potential for command injection if the agent or the platform does not properly escape shell characters in the user-supplied strings before passing them to the shell.
  • [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection (Category 8). It ingests untrusted user data and writes it directly into a generated .docx file without sanitization or boundary markers. This could be exploited if the output file is later processed by another AI agent.
  • Ingestion points: User input collected in Step 1 and used in the Step 2 bash command.
  • Boundary markers: None identified in the prompt templates or the generation script.
  • Capability inventory: Bash for command execution, Write for file creation, and python-docx for document manipulation.
  • Sanitization: No input sanitization or escaping logic is present in the generate_school_doc.py script for the text data.
  • [DATA_EXPOSURE]: The skill instructions specify reading files from parent directories (e.g., ../../tw_edu_concept_alignment.md and ../../tw_edu_mcp_strategy.md). While these appear to be shared configuration or policy files for a specific ecosystem of skills, this pattern highlights the skill's ability to access the file system beyond its immediate directory.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 4, 2026, 12:34 AM