The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes sail CLI commands to perform administrative operations on the SailPoint Identity Security Cloud tenant. This includes switching environments and making API calls to list or modify the state of access requests.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it retrieves and interprets data from an external API.
Ingestion points: Untrusted data is fetched from the /v2025/access-request-status endpoint (as documented in SKILL.md), which returns fields like name and errorMessages that may contain user-provided content.
Boundary markers: The skill's instructions do not include markers or warnings to separate the API response data from the agent's logical execution flow.
Capability inventory: The skill has 'write' capabilities, as it can issue POST requests to cancel or force-close access requests via the CLI in SKILL.md and references/api-endpoints.md.
Sanitization: There is no indication of sanitization or validation performed on the retrieved API data before it is presented to the agent or used in subsequent logic.

sailpoint-stuck-requests