The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes external data files, creating a surface for indirect prompt injection.
Ingestion points: The Python scripts scripts/gdpr_scan.sh and scripts/report_generator.py process files and directories from the input paths provided by the user.
Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the script logic to protect the agent from malicious content within scanned files.
Capability inventory: The skill is granted broad permissions including Bash(security:*), Bash(scan:*), and Bash(audit:*), alongside file read/write access.
Sanitization: There is no evidence of content sanitization or validation of the files' text before it is processed by the agent.
[COMMAND_EXECUTION]: The SKILL.md metadata allows broad Bash tool access using wildcards (e.g., Bash(security:*)), which provides more permissions than may be strictly necessary for the scanning tasks and increases the potential impact of a prompt injection.

scanning-for-gdpr-compliance