researching-web
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process untrusted data from the internet via the Perplexity tool.
  * Ingestion points: Untrusted content enters the agent context through output from the mcp__perplexity-ask__perplexity_ask tool.
  * Boundary markers: Absent; the skill instructions do not provide delimiters or warnings to the agent regarding the potential for embedded instructions in search results.
  * Capability inventory: The agent has access to file system read tools (Read, Grep, Glob), which could be manipulated by a poisoned web result to reveal local information.
  * Sanitization: Absent; there is no specification for escaping or validating the external content before processing.
Audit Metadata