The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted user input.
Ingestion points: The skill ingests user abstracts in SKILL.md at Step 4 via the placeholder variable.
Boundary markers: The skill lacks explicit delimiters or instructions to the model to ignore any potential directives embedded within the academic abstract text.
Capability inventory: The skill's frontmatter configuration includes 'Bash', 'Read', and 'Write' tools, which could be leveraged if a prompt injection was successfully executed.
Sanitization: No input validation or sanitization logic is present to filter malicious instructions from the processed text.

tw-research-abstract-optimizer