lovstudio-thesis-polish
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE (findings: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it is designed to ingest and process untrusted markdown files supplied by the user. Maliciously crafted instructions embedded in a thesis document could, in principle, override the agent's intended behavior during the polishing process.
  - Ingestion points: The skill reads external thesis content via file paths or direct text input (SKILL.md, Step 1).
  - Boundary markers: The instructions contain no explicit delimiters around the user's text and no warning to the AI to disregard instructions embedded within it.
  - Capability inventory: The agent is granted the 'Read' and 'Write' tools to manipulate files on the filesystem, along with the 'AskUserQuestion' tool.
  - Sanitization: There is no evidence of input validation or sanitization of the processed text to filter out potential injection strings.
- [COMMAND_EXECUTION]: The skill's workflow explicitly requires file system tools ('Read' and 'Write'). While these tools are essential for the primary purpose of polishing a thesis file, they provide the underlying capabilities that could be exploited if an indirect prompt injection attack succeeded.
Audit Metadata