skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/cwicr-material-substitution/Gen Agent Trust Hub
cwicr-material-substitution
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external material descriptions and cost data.
  1. Ingestion points: Material codes and descriptions are read from user-provided CSV, Excel, or JSON files.
  2. Boundary markers: No specific delimiters or safety warnings are included in the prompt instructions to separate untrusted data from the agent's logic.
  3. Capability inventory: The skill has 'filesystem' permissions used to write reports via the export_substitution_report method.
  4. Sanitization: No explicit sanitization or filtering of material descriptions is performed before they are used in similarity matching.

  The risk is evaluated as safe because the data is used for programmatic cost analysis rather than being executed as instructions.
- [DATA_EXFILTRATION]: The skill accesses the local filesystem to read Parquet databases and write Excel reports. This behavior is expected given the skill's purpose for construction estimation and its declared filesystem permission. No unauthorized network transmissions or credential accesses were detected.