research
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its core function of ingesting and processing untrusted data from web search results and external publications.
  1. Ingestion points: Untrusted content enters the agent context during web search tool execution and citation snowballing.
  2. Boundary markers: The skill instructions emphasize maintaining a clear distinction between sourced evidence and model inference.
  3. Capability inventory: The agent can perform web searches, spawn sub-agents for parallel investigation, and write artifacts to the local filesystem.
  4. Sanitization: The workflow explicitly mandates a Source Triage phase and an Adversarial Pass (references/report/workflow.md, Step 6.5) to re-verify all load-bearing claims against original documents, providing a strong control against malicious content influence.
- [COMMAND_EXECUTION]: The skill includes a shell script (evals/run-static-checks.sh) used for validating the skill structure and frontmatter.
  1. The script executes python3 and standard shell utilities to perform integrity checks on CSV routing files.
  2. It sources a shared static-check library from a relative path within the repository, which is a standard practice for development-time automation and testing.
Audit Metadata