The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill processes untrusted CRM data from DuckDB, creating a surface for indirect prompt injection. 1. Ingestion points: CRM data accessed via SQL from tables like v_leads. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are included in the prompt templates. 3. Capability inventory: SQL execution, JSON report generation, and file writing to the workspace reports directory. 4. Sanitization: No data sanitization or validation is mentioned in the workflow.

pipeline-analytics