voice-agent-prompt

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses standard find and grep commands to help the agent locate relevant files (e.g., voice_agent.py, agent.py) and LiveKit-related code within the local workspace. These are discovery-oriented and do not perform unauthorized modifications or network operations.
  • [PROMPT_INJECTION]: The templates provided are for defining system behavior. They do not contain instructions to bypass safety filters, disclose system prompts, or override agent constraints.
  • [DATA_EXFILTRATION]: There are no patterns indicating the collection or transmission of sensitive data. The architecture description mentions third-party services (Cartesia, ElevenLabs, Deepgram), but the skill itself does not initiate connections to them.
  • [INDIRECT_PROMPT_INJECTION]: The prompt templates use string interpolation for variables like {business_name} and {customer_name}. While this creates a potential surface for indirect injection if these variables are populated from untrusted sources, the skill is instructional and does not demonstrate exploitable behavior.
  • Ingestion points: Variables in SKILL.md (e.g., {business_name}, {item_name}).
  • Boundary markers: No delimiters or safety instructions are included in the prompt templates.
  • Capability inventory: The templates mention tools for database actions (submit_request, book_appointment) in SKILL.md.
  • Sanitization: No sanitization logic is present in the examples.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 09:59 PM