pipeline-review
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection. The skill processes untrusted deal and meeting data from external sources (CRMs, SQL databases, and CSV files) to generate reports using LLM reasoning. This creates a surface where malicious content embedded in CRM fields could attempt to hijack the agent's instructions during the report generation phase.
  - Ingestion points: Salesforce, HubSpot, Pipedrive, Close, Supabase, Google Sheets, Notion APIs, and local CSV files.
  - Boundary markers: The instructions do not specify any delimiters or safety markers to isolate processed data from the agent's core instructions.
  - Capability inventory: The skill utilizes file system access (read/write), external API interactions via tools, and communication capabilities (Slack, Email via agentmail).
  - Sanitization: No explicit data sanitization, validation, or escaping procedures are described for the ingested data before it is analyzed by the model.
- [DATA_EXFILTRATION]: The skill is designed to extract sensitive sales and deal data and provides functionality to export this information to external platforms such as Slack, Email, and Notion. While these are intended features for business reporting, they establish a pipeline for sensitive data movement that requires oversight to ensure data is not redirected to unauthorized destinations.
Audit Metadata