mckinsey-consultant

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Category: PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill architecture described in references/workflow.md and references/quick-guide.md heavily utilizes automated web_search (15-30 operations) to gather data for report generation. This processes untrusted external content that could contain malicious instructions.
  • Ingestion points: Step 3 (Hypotheses formation) and Step 6 (Data collection) utilize web searches to pull external content into the agent's context.
  • Boundary markers: Absent. The provided reference files do not contain instructions for the agent to use delimiters or 'ignore embedded instructions' warnings when processing search results.
  • Capability inventory: The agent possesses network search capabilities and the ability to generate complex files (Excel/PPT) using the mckinsey-ppt-v4 tool.
  • Sanitization: Absent. There is no evidence of validation or filtering logic for external content before it is interpolated into page layouts.
  • [Dynamic Execution] (LOW): The 'Progressive Disclosure' architecture described in references/V2_vs_V3_comparison.md utilizes dynamic loading of instructions via file_read and state management commands like clear_context(). While intended for token optimization, this represents a sophisticated runtime instruction management approach that could be exploited if file paths were manipulated.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:37 PM