The Agent Skills Directory

[PROMPT_INJECTION]: The send_notification_email function in SKILL.md.original and references/pythonflask-with-smtp.md utilizes the |safe filter within a Jinja2 template. This filter explicitly disables HTML escaping for the html_content field. If this field processes data from an untrusted source, it facilitates HTML injection or phishing attacks within the emails sent by the agent.
Ingestion points: The notification_data object in SKILL.md.original and references/pythonflask-with-smtp.md.
Boundary markers: None present; the skill lacks delimiters or instructions to ignore instructions embedded in the data.
Capability inventory: The skill includes functionality to send emails via SMTP and third-party providers (SendGrid).
Sanitization: Sanitization is explicitly bypassed for the content variable.
[PROMPT_INJECTION]: The use of render_template_string with user-controlled variables such as title and message in SKILL.md.original creates a surface for Indirect Prompt Injection and Server-Side Template Injection (SSTI). If an attacker provides Jinja2 syntax as input for these fields, it could lead to the leakage of sensitive application configuration data when the email is rendered.
[EXTERNAL_DOWNLOADS]: The skill requires several standard third-party libraries, including flask-mail, flask, mjml, fastapi-mail, email-validator, and dnspython for Python, as well as @sendgrid/mail and express for Node.js. These are well-known packages used for email handling and web services.

email-service-integration