fastapi-coder

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill creates an environment in which untrusted data can influence agent actions through several vectors.
    • Ingestion points: The agent uses WebSearch to fetch external data and Read, Grep, and Glob to process existing files; both external content and local files can be attacker-controlled.
    • Boundary markers: The skill definition lacks explicit delimiters or instructions telling the agent to ignore prompts embedded in processed content.
    • Capability inventory: The skill is granted powerful capabilities, including Bash for command execution and Write/Edit for file modification, which give injected instructions a path to act on the system.
    • Sanitization: There is no logic for sanitizing or validating external content before the agent processes it.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 11:36 AM