troubleshooting

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
PROMPT_INJECTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface.
      • Ingestion points: The skill instructions involve reading external data from job.get_log() and job activity status messages as seen in SKILL.md and references/recipe-errors.md.
      • Boundary markers: Absent. No protective delimiters or instructions to ignore potential commands embedded within the logs are implemented.
      • Capability inventory: The agent utilizes capabilities such as recipe.run(), settings.save(), and schema_updates.apply() which could be manipulated by malicious input from logs.
      • Sanitization: Absent. No validation or sanitization of the log content is performed before it is processed by the agent.
  • [CREDENTIALS_UNSAFE]: Potential for sensitive credential exposure.
      • The documentation in references/connection-errors.md suggests using echo $DSS_API_KEY | head -c 10 for verification, which can leave portions of the secret in shell history files.
  • [COMMAND_EXECUTION]: Shell command instructions for environment configuration.
      • references/environment-errors.md provides commands like export $(grep -v '^#' .env | xargs) to load environment variables, which involves executing shell logic on local files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 01:38 AM