
base44-sdk

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION, NO_CODE
Full Analysis
  • [Indirect Prompt Injection] (LOW): The SDK documentation describes methods such as InvokeLLM and ExtractDataFromUploadedFile, which ingest untrusted data from prompts or external files. This represents a potential surface for indirect prompt injection.
      * Ingestion points: base44.integrations.Core.InvokeLLM and base44.integrations.Core.ExtractDataFromUploadedFile (referenced in QUICK_REFERENCE.md and functions.md).
      * Boundary markers: None documented in the SDK reference files.
      * Capability inventory: The SDK supports extensive capabilities including file operations, network requests, email delivery, and CRUD operations.
      * Sanitization: The ExtractDataFromUploadedFile method uses a json_schema for structured data extraction, which provides a layer of validation, though no general sanitization of LLM prompts is mentioned.
  • [Data Exposure & Exfiltration] (LOW): The connectors module (documented in connectors.md) allows for the retrieval of raw OAuth access tokens for third-party services like Slack, GitHub, and Salesforce. This provides a high-privilege capability that could be targeted for credential exfiltration if the agent is manipulated.
  • [No Code] (SAFE): The provided skill package consists entirely of markdown documentation files (.md) and does not contain any executable scripts (.js, .py, .sh) or binaries.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:41 PM