daily-briefing
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill creates a significant attack surface by processing untrusted data.
  1. Ingestion points: The 'Execution Flow' section explicitly states that the skill pulls data from Calendar (attendees, descriptions), CRM (pipeline alerts, deal health), and Email (unread messages).
  2. Boundary markers: Absent. There are no delimiters or instructions provided to the agent to ignore or isolate commands embedded within these external data sources.
  3. Capability inventory: The skill has high-privilege access to sensitive corporate information and the logic to prioritize actions and trigger related skills like 'call-prep'.
  4. Sanitization: Absent. No filtering or escaping logic is defined for the external content.
- [Data Exposure] (MEDIUM): The skill is designed to handle highly sensitive corporate data, including pipeline amounts, deal stages, and meeting context. While no explicit exfiltration commands (like curl) are present in the documentation, the ingestion of untrusted data via Category 8 makes this data accessible to an attacker through a successful injection attack.
Recommendations
- AI detected serious security threats