information-security-manager-iso27001

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection through its primary data processing workflows. The included Python scripts, scripts/risk_assessment.py and scripts/compliance_checker.py, ingest untrusted data from external CSV files (specified via the --assets and --controls-file arguments) and incorporate this data into reports formatted as Markdown or JSON. If these source CSV files contain malicious natural language instructions, they could influence the agent's behavior when it subsequently processes the generated reports.
      • Ingestion points: Assets and control status data are read from user-provided CSV files.
      • Boundary markers: Absent. The reports generated by the tools do not use specific delimiters or instructions to notify the agent to ignore potential instructions embedded within the data.
      • Capability inventory: The skill provides the agent with the ability to execute local Python scripts that perform file read and write operations.
      • Sanitization: No sanitization or validation of the CSV content is performed before it is included in the output.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 12:13 AM