manuscript-provenance
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its workflow involves reading and interpreting content from untrusted LaTeX source files and project scripts. Maliciously crafted content in these files could attempt to influence the agent's audit findings.
- Ingestion points: The skill reads .tex files, codebase scripts (.py, .sh, Makefile), and configuration files (.toml, .yaml, .json).
- Boundary markers: The instructions do not define delimiters or specific markers to isolate untrusted content from the agent's core logic.
- Capability inventory: The agent has the ability to read project files, write audit reports, and perform network operations to verify URLs.
- Sanitization: No sanitization or input validation steps are provided for the data processed from the codebase.
- [DATA_EXFILTRATION]: The skill includes instructions to verify the validity and content of repository URLs provided in the manuscript. This requires performing network operations to external, user-supplied domains that are not pre-whitelisted.
Audit Metadata