nlp-supply-chain

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes untrusted text data.
    * Ingestion points: Untrusted data enters the agent context through product descriptions, invoice text, news articles, and chat inputs defined in SKILL.md.
    * Boundary markers: No delimiters or explicit instructions to ignore embedded commands are present to protect the processing logic.
    * Capability inventory: The skill is restricted to local model inference; it does not have the capability to access sensitive files, execute subprocesses, or perform network operations for data exfiltration.
    * Sanitization: No input sanitization or validation is applied to the processed text.
  • [EXTERNAL_DOWNLOADS]: The skill fetches model weights and configurations from the Hugging Face Model Hub, which is recognized as a well-known service. This includes trusted models from Microsoft and research institutions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 08:19 PM