paper-claim-audit
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the user's paper directory to be processed by an external model.
  * Ingestion points: The skill reads various file types from the specified paper-directory, including .tex paper files and various raw result formats (.json, .csv, .tsv, .yaml) in Step 1.
  * Boundary markers: The provided instructions do not specify the use of clear boundary markers or delimiters when presenting the content of these files to the auditor model in Step 2.
  * Capability inventory: The execution environment (Claude) has access to a wide range of tools including Bash, Read, Write, Edit, Grep, Glob, and Agent. The auditor model itself provides a text-based report which is then parsed by the executor in Step 3.
  * Sanitization: There is no evidence of sanitization or validation of the ingested file content before it is processed by the model.
Audit Metadata