The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its multi-layered intelligence model that ingests untrusted data from multiple sources. 1. Ingestion points: Untrusted data enters the agent's context through the web_search capability used for prospect enrichment (Layer 2), the personalization_data input object, and historical data retrieved from CRM and meeting transcripts (Layer 3). 2. Boundary markers: There are no instructions to use specific delimiters or markers (e.g., XML tags or triple quotes) to separate untrusted external content from the core instructions, increasing the risk that malicious content from a searched website could be interpreted as agent commands. 3. Capability inventory: The skill utilizes the web_search capability to interact with the external internet. 4. Sanitization: The instructions lack explicit requirements for sanitizing, escaping, or validating the content retrieved from web searches or CRM history before it is interpolated into the final email generation prompts.

Sales Outreach Sequence