coolhunter

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
[PROMPT_INJECTION] [COMMAND_EXECUTION]
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from web search results to generate reports.
    1. Ingestion points: Web search results and signal extraction from external news sources (SKILL.md, references/workflow-execution.md).
    2. Boundary markers: Uses structured markdown templates and signal extraction headers to delimit external content from internal instructions.
    3. Capability inventory: Uses shell commands via subprocess calls (mkdir, cat) to manage file output.
    4. Sanitization: Employs strict slugification rules to sanitize filenames and includes a fact-checking protocol with confidence levels to validate external claims.
  • [COMMAND_EXECUTION]: The skill uses shell commands for legitimate file system organization and output storage.
    Evidence: Uses mkdir -p and cat in SKILL.md and workflow-execution.md to create dated report directories and save markdown files.
    Context: These commands are used for local workspace organization and are guarded by logic that sanitizes filenames to prevent command injection in the path.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 10:30 PM