
prompt-lookup

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection (MEDIUM): The skill retrieves text from an untrusted third-party source (prompts.chat) which may contain malicious instructions.
      • Ingestion points: The get_prompt and search_prompts tools (defined in SKILL.md) ingest external content into the agent context.
      • Boundary markers: Absent. The skill does not use any delimiters or specific instructions to isolate the retrieved prompt text from the agent's internal reasoning.
      • Capability inventory: The skill fetches instructions that are specifically designed for an AI to follow, which is a high-risk vector for indirect injection.
      • Sanitization: Absent. No evidence of content filtering or safety validation is provided for the fetched data.
  • External Data Exposure (LOW): The improve_prompt tool transmits user-provided prompt data to an external MCP server, which may lead to the disclosure of sensitive information to the third-party service provider.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 04:28 AM