pipeline-review

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from multiple external communication channels.
    * Ingestion points: The skill reads external data via gmail_read_thread, query_granola_meetings, and Attio list-comments (SKILL.md).
    * Boundary markers: The workflow instructions do not specify the use of delimiters or 'ignore' instructions for content retrieved from these external tools (SKILL.md).
    * Capability inventory: The agent has access to tools for creating records/tasks in Attio and drafting or sending emails via Gmail, which could be misused if the agent is manipulated by injected instructions (SKILL.md).
    * Sanitization: There is no explicit requirement for sanitization or validation of the ingested external content before it is used to generate the Risk Report or recommended actions (SKILL.md).

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 17, 2026, 06:20 AM