skills/boshu2/agentops/inbox/Gen Agent Trust Hub

inbox

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection because it processes and summarizes external message content from the Agent Mail system without using delimiters or instructions to ignore embedded prompts.
      • Ingestion points: Messages are retrieved via the fetch_inbox and search_messages tools or an HTTP fallback to localhost:8765.
      • Boundary markers: None. The skill lacks explicit markers or safety instructions when presenting message data to the LLM.
      • Capability inventory: The skill uses curl, git, and hostname for coordination.
      • Sanitization: None. Message data is used directly for summaries and display.
  • [COMMAND_EXECUTION] (SAFE): The skill executes local shell commands (git, hostname, curl) to identify the agent and interact with a local service. These operations are appropriate for the skill's context and do not involve remote code execution or privilege escalation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 05:12 PM