The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill processes untrusted user-provided files, which can contain malicious instructions intended for downstream processing. (1) Ingestion points: Files such as CSV, PDF, and HTML are processed as described in SKILL.md. (2) Boundary markers: No explicit isolation markers or 'ignore' instructions for file content are defined. (3) Capability inventory: The delegated skills (data-analysis, data-base) possess capabilities for data processing and network access. (4) Sanitization: The skill validates that filenames are ASCII-only to prevent certain injection techniques but does not sanitize the actual file contents.

data-files