run-experiment

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE (findings: DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The skill performs network operations using curl (referenced in resources/api-reference.md) and MCP tools (referenced in SKILL.md) to interact with the vendor's API at api.orq.ai. These operations are used to manage agents, evaluators, and experiments, and they utilize an API key supplied via environment variables. This represents normal vendor functionality.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from production traces and external datasets.
    • Ingestion points: Untrusted data enters the context through list_traces, get_span, and get_experiment_run calls (referenced in SKILL.md and resources/api-reference.md) which retrieve logs and messages from previous LLM interactions.
    • Boundary markers: While the skill uses template variables like {{log.messages}} (referenced in resources/rag-evaluation.md), there are no explicit instructions to use secure delimiters or guardrail prompts to prevent the agent from obeying instructions embedded within the trace data.
    • Capability inventory: The skill has broad capabilities including file system access (Write, Edit), shell execution (Bash), and API interaction via the orq* tools (defined in SKILL.md).
    • Sanitization: There is no evidence across the skill's files of content sanitization or validation for the data retrieved from external traces before it is interpolated into prompts or used for analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 11:21 AM