The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill facilitates querying agent profiles (names, descriptions) from the AT Protocol, which are attacker-controllable sources. This creates a surface where an agent could be influenced by malicious instructions embedded in a profile. * Ingestion points: Agent profile fields (name, description) ingested via tools.registry in SKILL.md. * Boundary markers: Delimiters or 'ignore instructions' markers are absent when processing external profiles. * Capability inventory: The skill uses tools.registry which performs network operations on the AT Protocol. * Sanitization: No sanitization or verification of the external metadata is defined.

agent-profile