prompt-engineer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | PROMPT_INJECTION | NO_CODE
Full Analysis
  • Prompt Injection (LOW): The skill establishes a broad surface for Indirect Prompt Injection (Category 8) by providing templates designed to process untrusted external data (e.g., sales reports, contracts, support tickets).
  • Ingestion points: Numerous files in the examples/ directory use curly-brace placeholders (e.g., {{SALES_DATA}}, {{CONTRACT_TEXT}}, {{USER_MESSAGE}}) to interpolate external content into the model prompt.
  • Boundary markers: The skill effectively mitigates this risk by providing a dedicated guide on XML tags (reference/techniques/01-xml-tags.md), which instructs the agent to use tags like <context> and <input> to provide clear visual and semantic separation between instructions and data.
  • Capability inventory: Across all 19 files, no executable scripts, system calls, or network operations are defined. The skill is strictly documentation and prompt templates.
  • Sanitization: While the skill promotes structural delimiters, it does not explicitly mention sanitizing or escaping the data interpolated into the placeholders.
  • Metadata Deception (SAFE): Throughout the skill, the documentation refers to non-existent LLM versions (e.g., Claude 4.5, GPT 5.1, Gemini Pro 3.0). While factually incorrect and likely the result of synthetic data generation or hallucinations, this does not pose a direct security threat to the agent's operation.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:40 PM