The Agent Skills Directory

Prompt Injection (LOW): The skill is susceptible to indirect prompt injection through the ingestion of untrusted user data. Ingestion points: Freeform trace annotations are ingested in various formats (JSON, CSV, text) as described in Step 1 of SKILL.md. Boundary markers: The prompt pattern provided for LLM-assisted clustering lacks delimiters and explicit instructions to disregard embedded commands within the 'open-coded' notes. Capability inventory: The agent performs data analysis and generates multiple file outputs (JSON, CSV, MD) based on processed content as described in output-formats.md. Sanitization: No sanitization or validation logic is defined to mitigate malicious instructions within processed annotations.
NO_CODE (SAFE): No executable scripts or source code are included in the skill; it consists entirely of instructional markdown and schema documentation.

failure-taxonomy