The Agent Skills Directory

[PROMPT_INJECTION]: Indirect Prompt Injection surface. The skill reads several files from workspace/sessions/{name}/ to establish context, which are treated as untrusted data.
Ingestion points: SKILL.md reads content from files including 02-niches.md, 05-offer.md, 06-validation.md, and messaging-implications.md.
Boundary markers: Absent. The skill does not use specific delimiters or instructions to prevent the agent from obeying commands embedded within the session files.
Capability inventory: The skill is restricted to file system operations (reading and writing session data) and does not have network access or the ability to execute arbitrary shell commands.
Sanitization: Absent. There is no evidence of validation or filtering for the data ingested from external session files.

sk-leads