clay-enterprise-rbac
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains logic to process external user data, which presents an indirect prompt injection surface.
  * Ingestion points: Middleware handles req.user objects and audit functions process ClayAuditEntry data (SKILL.md).
  * Boundary markers: The provided snippets lack delimiters or instructions to ignore malicious content within the processed data.
  * Capability inventory: The skill is designed to perform write operations to organizational settings and audit databases (SKILL.md).
  * Sanitization: No input validation or sanitization is demonstrated for the user-controlled fields used in these operations.