treatment-plans
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process patient-specific data (e.g., demographics, diagnoses, and medical history) to populate various LaTeX templates. This creates a surface for indirect prompt injection: malicious instructions embedded in the user-supplied data could influence the agent's behavior during the document generation process.
- Ingestion points: Clinical assessment and patient information fields in all LaTeX templates located in the assets directory (e.g., one_page_treatment_plan.tex, general_medical_treatment_plan.tex) and the customization instructions in SKILL.md.
- Boundary markers: Absent. The skill does not implement specific delimiters or 'ignore' instructions to separate untrusted data from the agent's core operational logic.
- Capability inventory: The skill configuration grants access to the Read, Write, Edit, and Bash tools, allowing the agent to create files and execute local commands such as pdflatex or the provided Python scripts.
- Sanitization: Absent. The included Python scripts (check_completeness.py and validate_treatment_plan.py) check document structure and clinical quality only; they do not check the processed data for malicious payloads or prompt injection patterns.
Audit Metadata