The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the sail CLI to perform all operations, including environment management (sail environment use), data retrieval (sail api get), and state-changing actions (sail api post for canceling/closing requests). These actions are aligned with the skill's stated administrative purpose.
[PROMPT_INJECTION]: The skill processes user-provided strings—such as identity names, request IDs, and cancellation reasons—and interpolates them into shell commands, creating a potential surface for indirect prompt injection or command injection.
Ingestion points: User-provided inputs (names, IDs, reasons) in SKILL.md used for API queries and command arguments.
Boundary markers: The skill uses double-quote delimiters for some parameters (e.g., "<name>") but lacks explicit instructions for shell escaping or input sanitization.
Capability inventory: The skill possesses the ability to read sensitive identity data and perform request lifecycle modifications (cancel/close) via the sail CLI.
Sanitization: No explicit input validation or sanitization logic is provided in the skill's instructions.

sailpoint-access-request-investigator