email-for-ai-agents

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The file references/security-risks.md contains strings such as 'Ignore all previous instructions' and 'Your new task is to...'. These are explicitly presented as examples of malicious email content to educate users on how to implement defenses and do not constitute an attempt to manipulate the agent.
  • [EXTERNAL_DOWNLOADS]: The skill references the agentmail package for Python and Node.js. These are the official SDKs for the platform described in the documentation and trace back to the skill's authoring organization.
  • [PROMPT_INJECTION]: This skill demonstrates how to ingest external email data into an LLM context, which constitutes an indirect prompt injection surface.
      1. Ingestion points: event.message.text and msg.extracted_text used in SKILL.md examples.
      2. Boundary markers: The documentation explicitly recommends using delimiters (e.g., '---') and system instructions to frame external content.
      3. Capability inventory: The SDK enables sending emails, managing inboxes, and handling WebSocket events.
      4. Sanitization: The reference files provide functional code examples for filtering inbound instructions (is_suspicious) and scanning outbound messages for secrets (contains_secrets).
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 12:01 PM