The Agent Skills Directory

[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the direct interpolation of user input. \n- Ingestion points: The $ARGUMENTS variable in SKILL.md allows untrusted external data to be placed directly into the agent's prompt context. \n- Boundary markers: The prompt lacks delimiters such as triple quotes, XML tags, or specific instructions to treat the interpolated text as data rather than instructions. \n- Capability inventory: The skill does not define any external tools, file system access, or network capabilities, which mitigates the impact of successful exploitation. \n- Sanitization: No input validation or filtering is applied to the $ARGUMENTS variable before interpolation.

better-writer