The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes untrusted data retrieved from the Knowledge Base (via kb_search) and incorporates it into a markdown report written back to the Knowledge Base (via kb_write_artifact). While the data is intended to be token counts, the lack of sanitization creates a surface for indirect prompt injection. (1) Ingestion points: Data is retrieved via kb_search in SKILL.md. (2) Boundary markers: No delimiters or instructions to ignore embedded content are present in the report generation logic. (3) Capability inventory: The skill has the capability to write artifacts using kb_write_artifact in SKILL.md. (4) Sanitization: No input validation or escaping is performed on the retrieved token usage data before formatting.

token-report