The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes untrusted content from external emails, creating a surface for indirect prompt injection.
Ingestion points: The scripts/src/email.ts script fetches email subjects and full message bodies from the Microsoft Graph API.
Boundary markers: The retrieved data is output as raw JSON without specific delimiters or warnings to the agent to ignore embedded instructions.
Capability inventory: The skill is configured with Bash(node:*) permissions to execute its internal logic.
Sanitization: No sanitization or filtering of the retrieved email content is performed before it is passed to the agent's context.

ms365