customer-support-intake

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
Findings: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The script scripts/agent.py performs an authenticated network request to https://api.serendb.com/wallet/balance to verify account balances. This request targets the developer's own infrastructure for the purpose of operational checks.
  • [PROMPT_INJECTION]: The skill's workflow involves ingesting untrusted data, which creates a surface for indirect prompt injection.
    * Ingestion points: The skill collects logs and chat history from customer environments as specified in SKILL.md (steps 4 and 5).
    * Boundary markers: No specific delimiters are defined in the workflow to separate untrusted data from the agent's internal instructions.
    * Capability inventory: The skill has access to web browsing capabilities via connector.playwright.post and storage operations via connector.storage.post, which could be exploited if malicious content in logs influences the agent's logic.
    * Sanitization: The skill includes a redact_and_minimize step using the transform.redact_sensitive tool to remove PII before storage.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 21, 2026, 02:44 AM