interview-guide-generator
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted data from external sources, including candidate resumes and LinkedIn profiles, without using boundary markers or safety instructions. This surface could allow an attacker to embed malicious instructions in a CV to hijack the agent's logic or access internal data.
  * Ingestion points: External competency files (Step 2) and candidate background materials (Step 3).
  * Boundary markers: None; the agent is not instructed to isolate or treat external content as untrusted.
  * Capability inventory: Access to internal organizational context (shared/company.md), network fetching from user-provided URLs, and PDF export functionality.
  * Sanitization: No sanitization or validation of the external content is performed before processing.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch data from LinkedIn URLs provided by the user. This outbound capability, while intended for profile extraction, presents a risk of data exposure if the agent is manipulated via prompt injection to include internal organizational context from the 'shared/' directory in a request to an attacker-controlled endpoint.