The Agent Skills Directory

[Indirect Prompt Injection] (SAFE): The skill demonstrates patterns for handling user-provided messages in an AI chat context. While this introduces an ingestion surface for untrusted data, it is the primary purpose of the SDK and standard implementation. * Ingestion points: messages object extracted from req.json() in server-side route handlers. * Boundary markers: Absent in the basic implementation documentation. * Capability inventory: Metadata requests tools like Bash, Write, and Task, which could be targeted if an agent follows malicious instructions in user data. * Sanitization: No explicit sanitization or filtering of message.parts is shown in the provided snippets.

ai-sdk-5