environmental-monitoring

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external files.
      • Ingestion points: The agent accepts project data via file paths or direct input in CSV, Excel, and JSON formats as defined in instructions.md.
      • Boundary markers: There are no explicit boundary markers or delimiters defined in the instructions to separate user-provided data from the agent's core instructions.
      • Capability inventory: The skill requires python3 for data processing and requests filesystem permissions in claw.json to read user files.
      • Sanitization: Although instructions.md advises validating inputs, the Python implementation in SKILL.md does not include specific logic to sanitize or escape natural language instructions that might be embedded within the data files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 04:28 AM