ai-rag-pipeline

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill demonstrates patterns where data retrieved from external web searches (Tavily, Exa) and URL extraction is interpolated directly into LLM prompts. This content is untrusted and could contain malicious instructions designed to subvert the agent's behavior. Evidence found in SKILL.md examples involving variables like $SEARCH, $CONTENT, and $EVIDENCE.
    * Ingestion points: Web search results and URL content extracted via the infsh CLI.
    * Boundary markers: Examples use basic text headers but lack robust delimiters or system-level instructions to treat retrieved content as data only.
    * Capability inventory: The skill has the ability to execute shell commands and interact with multiple LLM providers.
    * Sanitization: No explicit sanitization or filtering of retrieved content is shown in the examples.
  • [COMMAND_EXECUTION]: Unsafe Shell Interpolation. The shell scripts provided in the examples interpolate variables containing raw external data directly into the arguments of other commands. If the data returned by the search tools contains shell-active characters (like backticks or subshells), it could result in unintended command execution on the host system.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 07:30 PM