The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of untrusted content.
Ingestion points: The variable student_work_sample in SKILL.md allows external content (e.g., text provided by a user or fetched from a file) to be inserted directly into the core instructional prompt.
Boundary markers: The prompt uses bold headers like **Student work:** to separate the data, but it lacks explicit 'ignore embedded instructions' directives or unique delimiters to prevent the agent from being hijacked by instructions hidden within the student work.
Capability inventory: The skill is highly restricted as it does not request any tools (allowed-tools is not defined/empty) and does not include any executable scripts, which significantly limits the potential impact of a successful injection to text-based deception.
Sanitization: No input validation or sanitization logic is present to identify or strip out instructional overrides within the input fields.

error-analysis-protocol