skills/refly-ai/refly-skills/hunter/Gen Agent Trust Hub

hunter

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
PROMPT_INJECTION
NO_CODE
Full Analysis
  • Indirect Prompt Injection (INFO): The skill ingests untrusted data from an external provider (Hunter.io) which could potentially contain malicious instructions.
      • Ingestion points: External content is retrieved via the refly workflow toolcalls command in SKILL.md after the workflow execution finishes.
      • Boundary markers: No specific delimiters or instruction-ignore warnings are present in the provided execution logic to prevent the agent from obeying instructions embedded in the retrieved emails.
      • Capability inventory: The skill is limited to shell commands for workflow management and data extraction for display (refly CLI tools). It does not possess write or direct command execution capabilities beyond the Refly platform's scope.
      • Sanitization: There is no evidence of sanitization of the external content before it is returned to the agent context.
  • No Code (LOW): The skill does not provide any local source code (e.g., Python or JavaScript) for auditing. It relies entirely on a remote workflow ID (c-yy5s998sby8jaqrhmjnjq5im) and the refly CLI, making its internal logic unverifiable via static analysis.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 06:35 AM