teach
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFE
PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8).
  - Ingestion points: The agent is instructed to read external content from URLs listed in RESOURCES.md.
  - Boundary markers: Absent; no delimiters are used to separate untrusted external data from system instructions.
  - Capability inventory: The agent can read and write files in the local workspace and execute CLI commands.
  - Sanitization: Absent; no validation or filtering of external data is specified.
- [COMMAND_EXECUTION]: The skill directs the agent to open generated HTML lesson files using CLI commands for user convenience, which involves invoking shell processes based on file paths.
Audit Metadata