prism-reflect
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing arbitrary artifact content during its multi-phase analytical workflow.
  * Ingestion points: Artifact data is ingested via the Read tool in Phase 1 as defined in SKILL.md.
  * Boundary markers: The instructions do not define delimiters or protective instructions (e.g., "ignore embedded instructions") when handling the artifact content.
  * Capability inventory: The skill utilizes the Read and Write tools to analyze files and append data to a persistent markdown log (.prism-history.md).
  * Sanitization: There is no evidence of sanitization, escaping, or schema validation for the external content before it is incorporated into the prompt context.
Audit Metadata