The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The Python code examples in SKILL.md demonstrate the use of plain-text dictionaries to store sensitive credentials such as API keys, SMTP passwords, and portal passwords. While the provided values are placeholders, the implementation pattern is inherently unsafe for production environments.
[COMMAND_EXECUTION]: The InvoiceProcessingBot class utilizes the selenium library to automate web browser sessions, allowing the agent to interact with external supplier portals and internal ERP systems.
[EXTERNAL_DOWNLOADS]: The automation scripts are designed to download external files (PDF invoices) from remote supplier portals to a local /downloads directory for processing.
[PROMPT_INJECTION]: The skill implements an indirect prompt injection surface. Ingestion points: InvoiceProcessingBot.extract_invoice_data (SKILL.md) reads OCR text from external files. Boundary markers: Absent. Capability inventory: requests.post and selenium interactions (SKILL.md). Sanitization: Primitive regex parsing in parse_invoice_text (SKILL.md). Malicious content within an invoice could potentially influence the automated actions taken in the ERP system.

supply-chain-automation