The Agent Skills Directory

[INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted data (email content), which presents a theoretical attack surface for indirect prompt injection.
Ingestion points: The scripts/agent.py and scripts/process.py utilities read email body text and structured email data from local files provided as command-line arguments.
Boundary markers: The provided scripts and workflows do not implement specific boundary markers or 'ignore' instructions to isolate processed email content from the agent's core logic.
Capability inventory: The skill's scripts are restricted to file system read operations and localized result logging/baseline training (writing to specified output files); they do not possess network access or systemic modification capabilities.
Sanitization: Content is analyzed using regular expressions and statistical NLP methods. No sanitization or escaping is applied to the input text before processing.
[SAFE]: All external references and mentioned platforms (Microsoft Graph API, Microsoft Defender, Abnormal Security, Tessian, etc.) are well-known, reputable technology services in the cybersecurity domain.

detecting-business-email-compromise-with-ai