ads-suite-pipeline

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks because it incorporates external data from source packs into its production workflow for generating prompts and overlays.
  • Ingestion points: Untrusted data is ingested through the 'source-pack/' directory, as noted in the workflow steps of SKILL.md.
  • Boundary markers: The skill does not employ explicit delimiters to isolate processed data from its own core instructions, which could allow instructions embedded in source data to influence agent behavior.
  • Capability inventory: The skill possesses significant capabilities, including writing to the local filesystem within 'logs/' and 'artifacts/' directories and invoking external image generation tools like '$fal-nano-banana-2-image-gen'.
  • Sanitization: No mechanisms for sanitizing, validating, or escaping the input data are described in the instructions before the data is used to construct generative prompts or SVG assets.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 03:29 PM
Security Audit — agent-trust-hub — ads-suite-pipeline