The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill documentation describes searching document contents via the fullText field, which creates a surface for indirect prompt injection. \n
Ingestion points: The fullText field in drive-queries.md allows the agent to search and potentially process untrusted data from document contents and descriptions. \n
Boundary markers: No specific delimiters or safety instructions (e.g., "ignore embedded instructions") are defined for handling the results of these queries. \n
Capability inventory: The referenced scripts/google-drive.py allows listing and filtering files based on their content. \n
Sanitization: The documentation does not specify any sanitization or validation of the retrieved content before it is processed by the agent.

google-drive