The Agent Skills Directory

[PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes untrusted text from user-provided files and interpolates it into a synthesized report without explicit sanitization. • Ingestion points: Content read from .md, .txt, and .csv files in Step 1 and 2 of SKILL.md. • Boundary markers: Absent; there are no instructions to the model to ignore embedded commands within the feedback content. • Capability inventory: Local file system reads and writes to a markdown report. • Sanitization: Absent.
[DATA_EXFILTRATION]: Broad File Scanning. In Step 1.1, the skill instructions specify scanning the current working directory for all files with .md, .txt, and .csv extensions if no path is provided. This creates a minor risk of exposing sensitive information if credentials or private data are stored in such files in that directory.

user-feedback-synthesizer