building-attack-pattern-library-from-cti-reports

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
Flags: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external Cyber Threat Intelligence (CTI) reports containing untrusted data, which presents a surface for indirect prompt injection.
  • Ingestion points: Untrusted data enters the agent context through CTI report text files read via the --report-files CLI argument in scripts/agent.py and the parse_report method in SKILL.md.
  • Boundary markers: No delimiters or 'ignore' instructions are used to distinguish report content from agent instructions during processing.
  • Capability inventory: The skill's capabilities include reading local files and writing JSON-formatted library data and detection templates to the local filesystem.
  • Sanitization: Extracted text snippets (such as the 'source_sentence' field) are included in the generated output without sanitization or escaping.
  • [EXTERNAL_DOWNLOADS]: The skill fetches public MITRE ATT&CK enterprise data from the official MITRE GitHub repository to facilitate technique mapping. This is a reference to a well-known and trusted service.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 16, 2026, 02:48 AM