The Agent Skills Directory

[PROMPT_INJECTION]: The skill ingests untrusted data from an Agent Bus, which presents a surface for indirect prompt injection. Ingestion points: The agent retrieves topic history from an external bus via the sync() tool described in SKILL.md. Boundary markers: The instructions lack specific delimiters or instructions for the agent to ignore embedded commands within the bus messages. Capability inventory: The agent is instructed to implement code fixes and perform reviews based on the data retrieved from the bus. Sanitization: No validation or escaping of message content is mentioned in the workflow instructions.

agent-bus-workflows