detecting-email-account-compromise

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external audit log data, which presents an indirect prompt injection surface.
      • Ingestion points: Log data is ingested from local JSON files via the CLI in scripts/agent.py.
      • Boundary markers: No explicit markers are used to isolate untrusted data from processing logic.
      • Capability inventory: The script is limited to local file system operations (read and write) and lacks network or subprocess execution capabilities.
      • Sanitization: Input is parsed as structured JSON but does not undergo content-based sanitization for security contexts.
  • [SAFE]: The skill includes references to trusted libraries and documentation from Microsoft and the AzureAD GitHub organization, which are documented neutrally.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 02:48 AM