The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection when processing external PDF files.
Ingestion points: Scripts like extract_form_field_info.py and fill_fillable_fields.py read PDF content directly into the agent context.
Boundary markers: Absent. There are no delimiters or instructions provided to the agent to treat extracted PDF content as potentially untrusted.
Capability inventory: The skill can create and modify files, and the documentation suggests the execution of system CLI tools.
Sanitization: Extracted text is not sanitized or validated before being used by the agent.

pdf