gangtise-kb

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests external research reports and meeting summaries from the Gangtise API, creating a surface for indirect prompt injection.
      • Ingestion points: Content is retrieved in scripts/query_kb.py, scripts/indicator.py, and scripts/meeting_list.py.
      • Boundary markers: Data is provided to the agent without delimiters or instructions to ignore nested instructions within the fetched text.
      • Capability inventory: The skill has network access via scripts/_client.py and file system write access in scripts/download_resource.py.
      • Sanitization: scripts/clean_md.py performs HTML-to-Markdown conversion but does not filter content for malicious natural language instructions.
  • [SAFE]: SSL certificate verification is disabled in scripts/_client.py using ssl.CERT_NONE, which facilitates functionality through certain proxies but increases susceptibility to Man-in-the-Middle (MitM) attacks.
  • [SAFE]: API credentials are handled using best practices, including support for environment variables and the use of restricted file permissions (0o600) for local configuration and cache files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 02:04 AM