monthly-digest

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted financial data that could contain malicious instructions.
    • Ingestion points: Transaction descriptions, vendor names, and amounts are retrieved via the transaction_search, spending_summary, and anomaly_detect tools as described in SKILL.md.
    • Boundary markers: The workflow and the 'Digest Template' do not define clear delimiters or include instructions for the agent to ignore potentially malicious content embedded within transaction strings.
    • Capability inventory: The skill's capabilities are restricted to searching, summarizing, and displaying data to the user, with an option to export results as Markdown. No high-risk actions like network requests or shell execution are triggered by this data.
    • Sanitization: There is no evidence of sanitization, filtering, or validation of the external transaction data before it is interpolated into the final report template.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 14, 2026, 01:49 PM