The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill utilizes npx -y within references/mcporter.json to download and execute MCP server packages (@kunihiros/google-patents-mcp and exa-mcp-server) from the official npm registry. This is a standard mechanism for tool extension but involves runtime execution of code from a remote repository.
[COMMAND_EXECUTION]: The skill uses bash and python3 to perform environment initialization, manage temporary work directories, and orchestrate tool calls through the mcporter CLI. These operations are scoped to the skill's operational requirements.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted user technical descriptions and processes them through multiple sub-agents with tool-execution capabilities.
Ingestion points: User input is saved to ${WORK_DIR}/00_input/input.md and read by all subsequent agent phases.
Boundary markers: The prompts in references/prompts/ define clear input/output file scopes but lack robust delimiters (e.g., XML tags or specific 'ignore embedded instructions' markers) to isolate user-supplied content from agent directives.
Capability inventory: Agents have access to bash for file management and the mcporter tool for network-based patent and web searches.
Sanitization: There is no explicit sanitization or validation of the input Markdown before it is passed to sub-agents for analysis and text generation.

patent-draft-agent