51mee-position-parse

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating untrusted job description text into a model prompt.
  • Ingestion points: User-provided text is inserted into the {职位描述文本} placeholder within the prompt template in SKILL.md.
  • Boundary markers: The skill attempts to isolate user input using markdown code blocks (```text ... ```), which is a weak delimiter that can be escaped by adversarial content.
  • Capability inventory: No dangerous tools, subprocess calls, network operations, or file-system writing capabilities were identified in the skill definition or referenced files.
  • Sanitization: There is no evidence of input validation, filtering, or escaping logic to prevent malicious instructions within the job description from influencing the agent's behavior.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 19, 2026, 08:37 AM