paperless-ngx

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted data from document contents and metadata.
      • Ingestion points: Document OCR text and metadata are retrieved via the get_document and search_documents tools.
      • Boundary markers: No delimiters or ignore instructions are provided to the agent to distinguish document content from instructions.
      • Capability inventory: High-impact tools are available, including bulk_edit_documents (with delete, merge, and rotate methods) and delete_tag.
      • Sanitization: Document OCR content is not sanitized or filtered before being presented to the agent.
  • [COMMAND_EXECUTION]: The skill includes utility scripts (scripts/encode-file.sh and scripts/test-connection.sh) that use system commands like curl and base64 to support legitimate API interactions and file preparation.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 11:37 AM