aggregation-report
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through data processed from the SailPoint ISC Search API.
  * Ingestion points: The shell script `scripts/report.sh` fetches event data from the `/v2025/search` endpoint using the `sail` CLI.
  * Boundary markers: The resulting health report is printed to standard output without the use of delimiters or instructions to the AI agent to ignore instructions embedded within the data.
  * Capability inventory: The skill has the capability to execute shell scripts and interact with the SailPoint CLI, which manages access to identity data.
  * Sanitization: No sanitization or filtering is performed on the data retrieved from the API (such as `sourceName` or `action` fields) before it is presented to the agent, allowing potentially malicious strings to enter the agent's context.
Audit Metadata