novel-chapter-summarizer

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection due to its core function of processing untrusted text drafts.
    • Ingestion points: Untrusted data enters the agent context through the 'context_bundle' field, specifically within 'source_scene_draft' or chapter-level text inputs, as defined in 'SKILL.md' and 'references/novel-system/schemas/context-bundle.schema.md'.
    • Boundary markers: While the system employs structural separation by organizing inputs into named YAML blocks (present), it lacks explicit 'ignore instructions' delimiters or protective wrappers within the text drafts themselves (absent).
    • Capability inventory: The skill is authorized to propose 'writebacks' and 'change_sets' that update project-critical files such as 'CURRENT_STATE.md', 'OPEN_LOOPS.md', and 'FORESHADOWS.md', which are used to guide the behavior of other agents in the system.
    • Sanitization: There is no evidence of input validation or content sanitization to prevent adversarial instructions embedded in the novel text from influencing the summarization logic or the resulting state updates (absent).
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 20, 2026, 05:00 AM