dynamic-script-generation

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The generate_with_llm function in SKILL.md is vulnerable to indirect prompt injection because it interpolates untrusted data directly into a prompt template using f-strings.
    • Ingestion points: Data from the prospect object (including first_name, last_name, title, company, industry, and company_size) and the context object (including trigger_event, interaction_count, last_sentiment, and sales_stage) is inserted into the prompt in SKILL.md.
    • Boundary markers: The prompt template lacks robust delimiters or explicit instructions to treat variables as data only, which increases the risk that the LLM follows instructions embedded in those variables.
    • Capability inventory: The skill is designed for script generation and performance tracking. Based on the provided snippets, it lacks dangerous capabilities such as direct shell command execution or unauthorized filesystem access.
    • Sanitization: The code includes a validate_generated_message function that checks the LLM's output for length and forbidden phrases, but it does not validate or escape the input data before it is sent to the LLM.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 18, 2026, 10:46 PM