deepseek-integration

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks because it interpolates untrusted chat history directly into the LLM prompt.
  • Ingestion points: The context_messages parameter in the build_chat_messages function (SKILL.md).
  • Boundary markers: Absent. The prompt construction uses simple string formatting without delimiters or specific instructions for the AI to ignore instructions within the user-provided context.
  • Capability inventory: The skill performs HTTP POST requests to the DeepSeek API and emits events to the application frontend (SKILL.md).
  • Sanitization: Absent. There is no validation or escaping of the user content before it is processed by the AI model.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 12:25 AM