sesame

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains defensive instructions specifically warning the agent to ignore prompt injection attempts (such as 'ignore previous instructions') that may be present within upstream API response bodies. This is a security hardening measure.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and process data from external APIs.
      • Ingestion points: API response bodies returned via the secretctl request command in SKILL.md.
      • Boundary markers: The instructions provide explicit directives to treat all response content as untrusted data and not as instructions.
      • Capability inventory: The skill utilizes the Bash(secretctl:*) tool to perform authenticated network operations.
      • Sanitization: The instructions explicitly forbid piping raw response content to interpreters (sh, bash, eval, python) or constructing shell commands from response data.
  • [COMMAND_EXECUTION]: The skill instructs the agent to use the secretctl CLI tool. It enforces a security policy where the agent must not attempt to install the tool itself and must only use it for approved hostnames listed by the broker.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 25, 2026, 06:42 AM