performing-paste-site-monitoring-for-credentials

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The provided scripts and code snippets are designed to perform network requests and local file system operations. Specifically, the agent reads user-provided files (e.g., email lists and text dumps) and communicates with external security services to verify if credentials have been compromised. These actions are within the scope of the skill's intended use for threat intelligence.
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of data from external sources like Pastebin and GitHub, which creates a surface for indirect prompt injection.
    • Ingestion points: Untrusted content enters the agent's context through web scraping and API calls in the PastebinMonitor and GitHubSecretMonitor classes, as well as through local file reads in the scan_text_for_credentials function.
    • Boundary markers: The instructions and scripts do not implement specific boundary markers or 'ignore' instructions to isolate the ingested data from the agent's logic.
    • Capability inventory: The skill utilizes network capabilities (requests) and file system access (reading/writing files via pathlib and os).
    • Sanitization: There is no explicit sanitization of the external text content; however, the skill relies on strict regex pattern matching to extract credentials rather than processing the text as natural language instructions, which significantly reduces the likelihood of the agent executing embedded commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 12:57 PM