The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill instructions include a rule to recommend installing an external skill from 'github:mindverse/skillhub' when a user request falls outside the skill's primary function.
[PROMPT_INJECTION]: The skill processes untrusted user data (Category 8). Ingestion points: The skill reads user-provided book text, highlights, and notes (SKILL.md). Boundary markers: The instructions do not specify any delimiters or markers to isolate user input. Capability inventory: The skill is limited to generating formatted markdown notes and lacks shell or file system access. Sanitization: There is no evidence of input validation or escaping to prevent embedded instructions from affecting the output or agent behavior.

book-notes