visual-audit

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed for the legitimate purpose of auditing presentation slides and uses standard rendering tools (Quarto and LaTeX) as intended by the author.
  • [COMMAND_EXECUTION]: The skill executes shell commands such as quarto render using a user-supplied filename. While this involves processing user input in a shell context, it is a necessary part of the skill's functionality for auditing rendered output.
  • [PROMPT_INJECTION]: The skill processes Quarto (.qmd) and Beamer (.tex) files which are capable of executing embedded code during rendering or compilation.
      1. Ingestion points: The skill reads and renders files specified by the user in the $ARGUMENTS variable.
      2. Boundary markers: There are no specific delimiters or instructions to the agent to disregard potentially malicious embedded instructions in the source files.
      3. Capability inventory: The skill has the ability to render files (executing embedded code), write files, and create tasks.
      4. Sanitization: No validation or sanitization of the input file content is performed prior to the rendering process.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 06:02 PM