The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its data ingestion processes. \n- Ingestion points: The skill ingests customer data from CSV files (Phase 0) and retrieves external content using web_search and fetch_webpage in Phase 1 of SKILL.md. \n- Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat ingested or researched data as untrusted, nor are there warnings to disregard instructions found within that data. \n- Capability inventory: The skill utilizes powerful tools including web_search, fetch_webpage, and setup-outreach-campaign (mentioned in Phase 4), which provides a high-impact path for an attacker to influence agent behavior. \n- Sanitization: The skill does not implement validation or escaping for the data fields before they are used in research queries or email templates.

customer-win-back-sequencer