data-anomaly-detector

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, NO_CODE
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill is designed to process untrusted construction data from external sources.
      • Ingestion points: User-provided project data (CSV, Excel, JSON) and file paths.
      • Boundary markers: Absent; the instructions do not define delimiters to separate untrusted data from the system prompt.
      • Capability inventory: The skill requests high-privilege 'filesystem' access in claw.json.
      • Sanitization: Natural language instruction to 'validate inputs' is present, but no specific sanitization logic is visible.
  • [Data Exposure] (LOW): The skill requests 'filesystem' permission and explicitly processes user-provided 'file paths'. Without visible validation or sandboxing, this creates a risk of path traversal or unauthorized access to sensitive local files (e.g., credentials or configuration files) if the agent is directed to those paths.
  • [Unverifiable Implementation] (LOW): The instructions frequently refer to a missing 'SKILL.md' file for the 'detailed implementation code, classes, and methods,' preventing a complete security audit of the agent's actual operational logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 12:33 PM