The Agent Skills Directory

PROMPT_INJECTION (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8). * Ingestion points: Processes local codebase files (SKILL.md, Step 1) and external web content including search results, job postings, and LinkedIn profiles (SKILL.md, Step 3). * Boundary markers: None. The instructions do not define delimiters for untrusted data or include warnings to ignore instructions embedded in the analyzed material. * Capability inventory: Combines local file-read access (codebase), network access (web search/research), and potential file-write capabilities (CSV export). * Sanitization: Absent. The skill does not escape or validate content retrieved from the web before processing it for decision-making.
DATA_EXFILTRATION (MEDIUM): The 'analyze the codebase' instruction (Category 2) presents a data exposure risk. * Evidence: SKILL.md (Section: Instructions, Step 1) explicitly directs the agent to ingest the repository to understand the product. This behavior can lead to the unintended ingestion of sensitive files such as .env, API keys, or private internal documentation into the agent's context, where it could be exfiltrated via the research process or output summaries.

lead-research-assistant