base44
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [Prompt Injection] (LOW): The skill templates create a surface for Indirect Prompt Injection (Category 8) where AI agents process untrusted entity data.
  1. Ingestion points: base44/agents/customer-support.jsonc (instructions) and base44/entities/Order.jsonc (data).
  2. Boundary markers: Structural delimiters (Markdown headers) are used in system prompts.
  3. Capability inventory: Functions in base44/functions/ can perform network operations (e.g., sendEmail.ts).
  4. Sanitization: Documentation provides behavioral guidelines for identity verification but lacks programmatic sanitization in examples.
- [Data Exfiltration] (LOW): Serverless function examples in rules/03-functions.md utilize the fetch API to communicate with external services like SendGrid. While legitimate for the tool's purpose, these represent outbound network traffic to non-whitelisted domains.
Audit Metadata