The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes untrusted data and incorporates it into a generated HTML file, creating an indirect prompt injection surface. Ingestion points: list_findings (extracts quotes from external calls), get_event_detail (fetches deal narratives), and search_resources (reads uploaded CRM exports). Boundary markers: None specified in the generation instructions. Capability inventory: File system write to .octave-reports/ and instruction to open the file in the browser. Sanitization: Absent; no instructions to escape or validate content before inlining it into the HTML body or script blocks.
[EXTERNAL_DOWNLOADS]: The skill fetches assets from a well-known service for styling. Evidence: Links to Google Fonts (fonts.googleapis.com) to provide typography for the generated reports.

win-loss-report