scenario-planner

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process external data provided by the user in formats such as CSV, Excel, and JSON. While this constitutes an attack surface for indirect prompt injection, it is the primary intended function of the tool. The risk is minimized as the skill performs mathematical modeling and structured reporting rather than executing instructions contained within the data.
      • Ingestion points: Data is ingested via file paths or direct input as specified in instructions.md and processed by the ConstructionScenarioPlanner class in SKILL.md.
      • Boundary markers: No explicit boundary markers or 'ignore' instructions are implemented in the provided code to delimit user data from system instructions.
      • Capability inventory: The skill's capabilities are limited to internal Python calculations, data manipulation using pandas/numpy, and report generation. It does not possess network access or arbitrary command execution capabilities in the provided source.
      • Sanitization: The code includes basic validation (e.g., checking if parameter names exist) but does not perform advanced sanitization or escaping of the input data before it is processed by the model or included in reports.
  • [EXTERNAL_DOWNLOADS]: The skill specifies dependencies on well-known, trusted Python packages (pandas and numpy), which are standard for data analysis tasks. No non-standard or suspicious remote sources are used.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 04:28 AM