refresh-research

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It iterates through and parses all Markdown files within the ./research/ directory to extract YAML frontmatter and date information used to determine orchestration logic and subagent parameters. Maliciously crafted content within these research files could potentially influence the agent's decision-making or the instructions passed to the research-curator subagents.
      • Ingestion points: Markdown files discovered via globbing ./research/**/*.md (specifically SKILL.md Step 1).
      • Boundary markers: Absent. The skill parses file content and metadata without explicit delimiters or instructions to ignore embedded commands.
      • Capability inventory: Execution of shell commands (git, uv), spawning of subagents with dynamic prompts, and outbound network access via integrated tools.
      • Sanitization: Absent. There is no evidence of validation or escaping for data extracted from research files before it is interpolated into subagent prompts or summary reports.
  • [COMMAND_EXECUTION]: The skill performs shell command execution as part of its post-processing workflow. It uses uv run prek to lint files and standard git commands (git add, git commit, git push) to update the remote repository. While these actions are consistent with the skill's stated purpose of refreshing and maintaining research docs, they represent a capability to modify the filesystem and interact with external code hosting services.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 08:40 AM