document-intelligence
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted document content (PDFs, images) and interpolates it into prompts for Snowflake Cortex AI functions, creating a surface for indirect prompt injection.
  * Ingestion points: Untrusted documents are ingested from Snowflake stages (internal or external) as defined in SKILL.md.
  * Boundary markers: The skill uses basic labels like 'DOCUMENT CONTENT:' and 'DOCUMENT:' to delimit document text, but lacks robust delimiters or safety instructions to prevent the model from obeying instructions embedded within processed files.
  * Capability inventory: The skill utilizes AI_EXTRACT, AI_PARSE_DOCUMENT, and AI_COMPLETE for processing. It includes Python stored procedures that perform file read/write operations within Snowflake stages using session.file.get and FileOperation.put.
  * Sanitization: There is no evidence of sanitization or filtering of the extracted document content before it is processed by the AI models.
- [COMMAND_EXECUTION]: The skill generates and provides SQL commands for the user to execute, including the creation of stages, tasks, streams, and Python stored procedures.
  * The Python code for stored procedures (extract_pdf_pages, split_document_into_chunks, convert_pdf_to_images) is embedded in SQL and executed within the Snowflake environment's secure sandbox.
  * These procedures use standard libraries such as PyPDF2, pdf2image, and Pillow for document processing tasks.
Audit Metadata