us-program-research
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE (findings: PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes content from external, untrusted sources such as Reddit, Niche, GMAT Club, and various university websites during Phase 2 and Phase 3 of its research workflow. Instructions embedded in these external pages could influence the agent's output or recommendations.
- Ingestion points: Web research results from university sites and student forums (Reddit, Niche, GMAT Club).
- Boundary markers: The prompts provided to subagents do not include explicit delimiters or instructions to ignore potential commands hidden within the fetched web content.
- Capability inventory: The skill has the ability to write to the local file system ({NAME}_US_PROGRAM_ACTION_PLAN.md) and execute complex tasks via subagents.
- Sanitization: No content sanitization or validation of retrieved external data is described in the skill instructions.
- [DATA_EXFILTRATION]: The skill workflow involves collecting personally identifiable information (PII), including the user's full name, email address, and academic transcripts or GPAs. While this data is necessary for the skill to generate a customized 'Action Plan,' users should be aware that this sensitive information is processed by the agent and stored in a local markdown file.
Audit Metadata