The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates user-supplied data from $ARGUMENTS directly into the prompt context without boundary markers.\n- Ingestion points: User-supplied ideas enter the agent context via the $ARGUMENTS variable at the end of SKILL.md.\n- Boundary markers: None are present; the skill lacks delimiters such as triple quotes or XML tags to separate instructions from untrusted user content.\n- Capability inventory: The skill has no access to external tools, network operations, or file system modifications, as disable-model-invocation is enabled.\n- Sanitization: No input validation, escaping, or filtering is applied to the user-provided text.

executive-critique