The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from data retrieved via SailPoint APIs.
Ingestion points: The skill fetches account and identity data using sail api get '/v2025/accounts' and sail api post '/v2025/search' (documented in SKILL.md, steps 3 and 4).
Boundary markers: No explicit instructions or delimiters are provided to the agent to ignore instructions embedded in the retrieved account attributes.
Capability inventory: The skill provides instructions for destructive actions such as disabling (/disable) or deleting (DELETE) accounts (documented in references/api-endpoints.md).
Sanitization: There is no mention of sanitizing or escaping the data retrieved from SailPoint before it is processed or presented in the final report.
[COMMAND_EXECUTION]: The skill constructs CLI commands for the sail tool by interpolating variables such as {name}, {sourceId}, and {identityId} into command strings (e.g., sail environment use {name}). If the names or IDs retrieved from the SailPoint tenant contain shell metacharacters, it could result in command injection during execution.
[DATA_EXFILTRATION]: The skill retrieves and displays highly sensitive identity information, including PII, account names, native identities, and lifecycle states (inactive/terminated). Although no exfiltration to unauthorized third parties was identified, the exposure of this data to the agent's context constitutes a sensitive data handling surface.

sailpoint-orphan-and-dormant-account-report