health-product-discovery

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill contains a defensive instruction under the 'Prompt injection boundary' section in SKILL.md. It explicitly tells the agent to treat user-supplied materials as data rather than instructions and to ignore or flag common injection patterns like 'ignore previous instructions'. The deterministic detector likely triggered on these literal strings used as examples of what to ignore. No malicious injection attempts were found.
  • [DATA_EXFILTRATION]: No network operations (curl, wget, fetch) or external data transmission patterns were identified. The skill reads local reference files and a project context file (.health-context.yaml) for analysis purposes only, with no mechanism to send this data externally.
  • [COMMAND_EXECUTION]: No shell commands, subprocess calls, or system-level operations are requested or present. The skill's behavior is limited to text analysis and document generation.
  • [REMOTE_CODE_EXECUTION]: The skill does not download or execute external code, scripts, or binaries. It relies entirely on static markdown reference files provided within the skill package.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to process untrusted user data such as notes and artifacts. It incorporates mitigation instructions to maintain a clear boundary between data and instructions. Due to the absence of dangerous tools, shell access, or network capabilities, the potential impact of such an attack is negligible.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 11:45 AM