The Agent Skills Directory

[Indirect Prompt Injection] (LOW): Potential vulnerability surface detected via web ingestion tools. Evidence Chain: 1. Ingestion points: External data enters the agent context via WebSearch and WebFetch tools. 2. Boundary markers: Absent; no delimiters or 'ignore instructions' warnings are provided to separate fetched data from system prompts. 3. Capability inventory: The agent has the ability to Write results to the local filesystem at docs/analysis/. 4. Sanitization: There is no evidence of sanitization or escaping of external content before it is processed or written to disk.

pm-analyst