workflow-orchestration
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The design of the workflow orchestration provides a significant surface for indirect prompt injection.
- Ingestion points: Workflow steps and instructions are read from external YAML files provided to the run.py state manager.
- Boundary markers: The skill does not wrap the instructions in delimiters or provide safety prompts to ensure the agent ignores malicious content embedded in the workflow steps.
- Capability inventory: By directing the sequence and content of skill invocations, this skill acts as a high-level controller for the agent's actions.
- Sanitization: Instructions and skill names are used directly from the YAML files without any validation or sanitization, allowing for potential manipulation of agent behavior.
Audit Metadata