kb-article

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection Surface: The skill is designed to process data from external support tickets which may contain untrusted content.
    • Ingestion points: input argument and '~~support platform' tool outputs as described in SKILL.md.
    • Boundary markers: the instructions lack explicit delimiters or warnings to ignore instructions embedded within the processed data.
    • Capability inventory: the skill has permissions to read from '~~support platform', '~~knowledge base', and '~~project tracker'.
    • Sanitization: there is no mention of content filtering or validation for retrieved data.
    This combination creates a surface where malicious instructions in a ticket could potentially influence the agent's output.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 11:58 PM