The Agent Skills Directory

[PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill provides code to process external data from formats like .docx, .html, .xml, and .json (found in SKILL.md and references/mail-merge.md) which could contain malicious instructions. There are no boundary markers or instructions to isolate untrusted data, and the provided snippets do not include sanitization logic for the ingested content.
[SAFE]: Metadata Inconsistencies. The README.md contains references to .NET and C# code snippets (e.g., Program.cs) which is inconsistent with the skill's Java focus. This is a documentation artifact and does not represent a security threat.

syncfusion-java-word