The Agent Skills Directory

[PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection as it processes untrusted data from external web applications.
Ingestion points: Data enters the agent context via camofox snapshot, camofox errors, and camofox console in SKILL.md.
Boundary markers: No delimiters are present to separate system instructions from retrieved website content.
Capability inventory: The agent can click, type, and navigate within a browser using the camofox toolset.
Sanitization: No sanitization is performed on the ingested content before it is processed.

dogfood