outlook-automation

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from incoming emails and calendar invites.
    1. Ingestion points: The list, get, and search commands ingest external content from Outlook folders as documented in SKILL.md and reference/cli.md.
    2. Boundary markers: No explicit delimiters or instructions are used to isolate ingested email content from the agent's instructions.
    3. Capability inventory: The agent can send emails, create meetings, and save attachments as described in the workflows in SKILL.md.
    4. Sanitization: No sanitization or filtering of ingested content is mentioned in the provided documentation or JSON output schemas.
  • [COMMAND_EXECUTION]: The skill executes a local Python CLI tool via the uv run command at a hardcoded path (C:/Users/GordonMickel/work/outlookctl). This tool interacts with the Windows COM automation interface to control the Outlook application and performs file system operations such as saving attachments.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 03:37 AM