The Agent Skills Directory

[PROMPT_INJECTION]: The skill outlines a design for 'Semantic Verification' (Step 5) where an LLM evaluates execution traces and logs against a contract. This constitutes an ingestion surface for indirect prompt injection because malicious data within the traces could attempt to influence the verification process. Evidence chain: 1. Ingestion points: Execution traces and logs (SKILL.md Step 5). 2. Boundary markers: The skill suggests using rubrics and contracts but does not explicitly mandate data isolation delimiters. 3. Capability inventory: None; the skill contains no executable scripts, tools, or network operations. 4. Sanitization: Step 2 recommends redacting secrets and credentials from logs.

grace-verification