The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an inherent surface for indirect prompt injection because its primary function is to ingest and process data from 100+ external APIs and it provides write access to those same platforms.
Ingestion points: Data retrieved from external API endpoints (e.g., Slack messages, Gmail threads, Notion pages) as documented in SKILL.md and the references/ directory.
Boundary markers: The skill instructions do not provide delimiters or warnings to ignore instructions embedded within the data retrieved from external APIs.
Capability inventory: The skill provides Python code snippets in SKILL.md that allow the agent to perform GET, POST, PUT, PATCH, and DELETE operations via urllib.request across all integrated services.
Sanitization: There is no evidence of sanitization or validation of the data received from external services before it is processed by the agent.
[DATA_EXFILTRATION]: The skill performs network operations to the Maton API gateway and control plane to facilitate its stated purpose.
Network operations: The skill documentation and examples in SKILL.md describe requests to https://gateway.maton.ai and https://ctrl.maton.ai.
Data exposure: The skill accesses the MATON_API_KEY from the environment to authenticate requests to these domains. This is expected behavior for an extension designed to interface with this specific service provider.

api-gateway