The Agent Skills Directory

[SAFE]: The skill provides a controlled workflow for content analysis. It utilizes local project files (drafts, rubrics, and state files) and performs all operations within the user's environment without external exfiltration.
[PROMPT_INJECTION]: The skill processes untrusted data from local script files (scripts/*.md) and rubric notes. This presents a surface for indirect prompt injection (Category 8).
Ingestion points: The agent reads the full content of scripts/<id>.md and rubric_notes.md in Phase 1.
Boundary markers: Absent. No specific delimiters are mandated for the ingested script content.
Capability inventory: The skill uses Bash(*), Read, Write, and Glob tools to handle files and generate hashes.
Sanitization: No sanitization is performed on the ingested script content before it is processed for scoring.
Risk Mitigation: The threat is mitigated by the mandatory user review step (Phase 5.5), where the agent must present its draft prediction for user approval before any file is written to disk.
[COMMAND_EXECUTION]: The skill leverages the Bash tool for legitimate utility functions, including calculating SHA256 hashes of scripts to generate unique IDs and performing file operations like glob for anchor comparison. These actions are restricted to the local workspace.

cheat-predict