power-query-m
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates Indirect Prompt Injection by providing patterns for ingesting data from untrusted external sources.
- Ingestion points: Data enters the system via Web.Contents, Web.Page (for scraping), SharePoint.Files, and Folder.Files as documented in SKILL.md and references/m-patterns-cookbook.md.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potential commands embedded within the fetched data.
- Capability inventory: The skill uses the Power Query engine, which is capable of performing network requests (Web.Contents) and reading from local or network file systems.
- Sanitization: While the code includes data type transformations, it lacks specific sanitization logic to detect or neutralize malicious instructions in the source data.
- [EXTERNAL_DOWNLOADS]: The skill demonstrates the use of Web.Contents to fetch data from external URLs like https://api.example.com/v2/. Although these are placeholders, the capability to download content from any domain presents a security risk.
- [DATA_EXFILTRATION]: The skill shows how to include authentication headers (e.g., Authorization) and build dynamic URLs. This functionality, while legitimate for authentication, could be exploited to exfiltrate information to external servers if a user or agent provides a malicious URL.
Audit Metadata