skills/huytieu/cog-second-brain/scout/Gen Agent Trust Hub

scout

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches and processes content from untrusted external websites provided by the user or found via search.
    • Ingestion points: The skill uses web-fetch and web-search integrations to ingest content from arbitrary external URLs (SKILL.md).
    • Boundary markers: The instructions lack explicit boundary markers or directives to the agent to disregard potential instructions embedded within the fetched content.
    • Capability inventory: The skill has read access to the user's profile, interests, and the entire vault for coverage checks, and can trigger downstream actions like saving data (SKILL.md).
    • Sanitization: There is no specified sanitization or validation of the fetched content before it is analyzed for relevance and quality.
  • [DATA_EXFILTRATION]: The skill accesses sensitive personal files, including 00-inbox/MY-PROFILE.md and 00-inbox/MY-INTERESTS.md, and performs searches across the entire vault to identify existing content coverage. While intended for personalization and deduplication, this represents broad read access to the user's knowledge base.
  • [NO_CODE]: This skill consists solely of instructions and does not include any executable scripts, binary files, or external package dependencies.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 04:14 AM