The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill scripts read external data from FITS file headers and text-based coordinate lists, presenting a surface for untrusted instructions to enter the agent's context. Evidence: 1. Ingestion points: File reading in scripts/fits_info.py (line 15) and scripts/coord_convert.py (line 155). 2. Boundary markers: Absent; data is printed directly to the agent. 3. Capability inventory: The skill is restricted to file reading and stdout display; no network operations, subprocess spawning, or file-write capabilities were detected. 4. Sanitization: Absent; the scripts do not filter or escape content from FITS headers or coordinate files before outputting them.

astropy