The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted metadata—such as file names, user-defined tags, and activity logs—from cloud providers (Google Drive, OneDrive, AWS S3) and local sync artifacts. This data is aggregated into forensic reports which could influence downstream AI agents if processed without sanitization.\n
Ingestion points: API responses handled in SKILL.md and scripts/agent.py, and local SQLite databases/log files parsed in scripts/process.py.\n
Boundary markers: Absent; metadata is interpolated directly into JSON and text reports without delimiters or protective instructions.\n
Capability inventory: The skill performs file system writes (os.makedirs, open), downloads remote objects (boto3.download_file), and possesses the ability to delete S3 delete markers (s3.delete_object as documented in references/api-reference.md).\n
Sanitization: There is no evidence of validation or sanitization of external metadata content before inclusion in evidence logs. Additionally, a minor metadata inconsistency exists between the author name in SKILL.md ('mahipal') and the license ('mukul975').\n- [DATA_EXFILTRATION]: The skill accesses sensitive local file paths, including AppData/Local/Microsoft/OneDrive, AppData/Local/Google/DriveFS, and AppData/Local/Dropbox, to collect synchronization artifacts. While these actions are central to the skill's forensic purpose and occur locally, they involve access to highly sensitive user data.

performing-cloud-storage-forensic-acquisition