The Agent Skills Directory

[PROMPT_INJECTION]: The skill implements logic to process external data that could contain malicious instructions intended to manipulate agent behavior.\n- Ingestion points: Untrusted data enters the agent context through user IDs, attributes, and event properties in lib/batch-processor.ts, lib/async-tracker.ts, lib/dedup-cache.ts, and lib/regional-client.ts.\n- Boundary markers: The skill does not employ delimiters or specific instructions to isolate these data inputs from the agent's executable instructions.\n- Capability inventory: The skill metadata in SKILL.md grants broad permissions including Bash(gh:*), Bash(curl:*), Write, and Edit, which could be exploited if an injection occurs.\n- Sanitization: There is no evidence of data sanitization, validation, or escaping before the external content is processed or passed to the Customer.io client.

customerio-performance-tuning