The Agent Skills Directory

[PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection from untrusted invoice data. 1. Ingestion points: Untrusted data enters the context through PDF/image invoice processing and metadata extraction (SKILL.md). 2. Boundary markers: None are present to distinguish between extracted data and instructions. 3. Capability inventory: The skill performs file system manipulation using fs.renameSync. 4. Sanitization: The provided code pattern demonstrates direct use of extracted variables (vendor, amount) in file paths without escaping or validation, which could facilitate path traversal if the invoice content is maliciously crafted.

invoice-organizer