The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The scripts/test_skill.py utility attempts to provision a local environment by installing the openpyxl library from the official Python Package Index (PyPI). This is a standard procedure for ensuring the availability of required libraries in a development or testing context.
[COMMAND_EXECUTION]: The scripts/test_skill.py script uses subprocess.run to execute internal validation and build scripts during smoke tests. These calls use lists of arguments rather than shell strings, preventing typical command injection vulnerabilities.
[PROMPT_INJECTION]: The skill's primary function is to ingest and process data from untrusted external sources (e.g., PDFs, screenshots, and messy travel notes), which constitutes a surface for indirect prompt injection.
Ingestion points: User-provided travel documents and notes (referenced in SKILL.md and references/intake-protocol.md).
Boundary markers: Absent; the instructions do not explicitly use delimiters or warnings to ignore instructions embedded within the processed data.
Capability inventory: Capability to write .xlsx files via scripts/build_workbook.py and execute local testing scripts via scripts/test_skill.py.
Sanitization: Input data undergoes basic cleaning and filename-safe normalization within the scripts/build_workbook.py script.

travel-plan-spreadsheet-generator