pseo-data

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It is designed to ingest and process data from untrusted external sources into structured models while possessing significant system capabilities.
    - Ingestion points: SKILL.md Step 5 specifies reading data from CMS APIs, remote databases, external APIs, and local MDX files.
    - Boundary markers: There are no instructions to use delimiters or warnings to ignore embedded instructions within the fetched data.
    - Capability inventory: The skill allows the use of Bash, Write, Edit, and Glob tools, which provide extensive control over the environment.
    - Sanitization: No logic is provided for sanitizing or escaping content before it is processed or written to files.
  • [COMMAND_EXECUTION] (HIGH): The skill requests the Bash tool and instructs the agent to implement data-fetching layers and validation scripts. This provides a direct path for executing arbitrary commands if the agent is manipulated by data from the ingested sources.
  • [DATA_EXFILTRATION] (MEDIUM): The architecture involves moving data between local storage and external APIs/CMS. This setup creates a mechanism for exfiltrating sensitive local data or environment variables through the data-fetching layer.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires connecting to remote infrastructure (CMS, APIs, Databases). Since these sources are not within the Trusted External Sources list, the interaction with these unverified endpoints poses a risk of downloading malicious content.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 06:41 AM