script-writing
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection Surface: The skill processes research data from external sources (such as Hacker News or research papers) and interpolates it directly into a prompt for script generation.
- Ingestion points: The `scripts/generate_script.py` file reads all `.md` files within the `{workspace}/data/research/` directory.
- Boundary markers: The script uses a clear prefix (`Write the radio script based on this research:\n\n`) to separate instructions from data, though it does not explicitly instruct the model to ignore embedded instructions within the research files.
- Capability inventory: The skill uses `client.interactions.create()` to call an LLM and writes the resulting text to a file in the workspace using standard file operations. It does not perform shell execution or network requests using the research data.
- Sanitization: No explicit sanitization or filtering is performed on the research content before it is sent to the model, which could allow maliciously crafted research notes to influence the host's dialogue or the script's format.
- Instructional Overrides: The skill contains rigid instructions (e.g., 'CRITICAL', 'MUST', 'strictly off-limits') designed to enforce a specific persona and safety alignment. While intended to maintain show quality, these are standard prompt engineering techniques used in persona-based agents.
Audit Metadata