expense-management
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from employees (expense descriptions), which creates a surface for indirect prompt injection.
  * Ingestion points: User-provided text fields such as 'business_purpose' and 'description' in the expense_report schema defined in SKILL.md.
  * Boundary markers: There are no explicit instructions or delimiters defined to tell the agent to ignore instructions embedded within the user-provided text fields.
  * Capability inventory: The agent performs critical business functions including expense approval routing and reimbursement processing.
  * Sanitization: No mechanisms for sanitizing or validating the content of free-text fields are mentioned in the workflow.
Audit Metadata