conducting-phishing-incident-response

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted content from phishing emails, which presents a risk of indirect prompt injection. An attacker could craft an email containing hidden instructions to influence the agent's analysis or trick it into performing unauthorized remediation actions.
    - Ingestion points: The scripts/agent.py tool parses EML files, and the SKILL.md workflow involves the agent reviewing email headers and body content.
    - Boundary markers: There are no explicit delimiters or instructions provided to the agent to help it differentiate between control instructions and the untrusted data being analyzed.
    - Capability inventory: The agent has access to file-reading and network-request capabilities via the provided script, and is provided with high-privilege administrative commands in the documentation.
    - Sanitization: No sanitization or filtering logic is present to identify or neutralize embedded instructions within the email data.
  • [COMMAND_EXECUTION]: The SKILL.md documentation contains high-privilege PowerShell commands for Microsoft 365 environment remediation, such as resetting user passwords and revoking session tokens. While these are necessary for incident response, their availability as clear instructions poses a risk if an agent is manipulated by malicious data.
  • [EXTERNAL_DOWNLOADS]: The agent.py script makes network requests to well-known security platforms, specifically VirusTotal (virustotal.com) and urlscan.io, to perform reputation checks. These operations are essential to the skill's functionality and target reputable services.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 01:52 PM