irb-form-generator

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting free-form, untrusted user text and processing it into a structured config.yml file. This data is then used to drive automated document generation and command execution.
  • Ingestion points: User-provided study descriptions are saved to raw/proposal_*.md and distilled into config.yml as described in SKILL.md and references/distill.md.
  • Boundary markers: The skill lacks explicit instructions or markers to delimit user-provided content from system instructions during the distillation phase, which could lead to the agent obeying instructions embedded within the research proposal.
  • Capability inventory: The skill executes local shell commands and Python scripts (make all, make review, scripts/generate_all.py) that process data derived from user input.
  • Sanitization: No sanitization or validation logic is defined to strip potentially dangerous characters or payloads from the user's input before it is utilized by the automation scripts.
  • [COMMAND_EXECUTION]: The workflow relies on the execution of local shell scripts and a Makefile (make all, make review, ./dashboard.sh). These tools orchestrate the generation and conversion of documents based on the config.yml. While standard for this application, performing these operations on data sourced from untrusted user input requires human verification of the resulting files.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 07:40 AM
Security Audit — agent-trust-hub — irb-form-generator