The Agent Skills Directory

[COMMAND_EXECUTION]: The skill specification defines requestParser and responseParser fields which are designed to contain JavaScript code strings. These strings are executed at runtime to transform data, representing a dynamic execution pattern.
[EXTERNAL_DOWNLOADS]: The functions getCreateTicketParamJsonSchema, getAllServiceItem, and requestUserSelectServiceItem are defined to perform HTTP requests to the YQCloud service URL (${STATIC#yqcloud_url}). These are documented as standard functional requirements for the ITSM integration.
[PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by ingesting and processing external data from service item catalogs and schemas which could potentially contain malicious instructions.
Ingestion points: Data enters the agent context through the outputs of getAllServiceItem and getCreateTicketParamJsonSchema.
Boundary markers: The provided documentation does not specify the use of boundary markers or instructions to ignore embedded commands within the ingested data.
Capability inventory: The skill has the capability to perform network requests (call_url) and trigger the createTicket function.
Sanitization: While the responseParser allows for data filtering using lodash, there are no explicit sanitization protocols defined to prevent instruction injection from the external data sources.

yqcloud-function-calling