The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill directs the agent to read research findings from research/[slug].md (generated by a researcher subagent) without implementing boundary markers or sanitization, creating an attack surface for malicious instructions to influence the agent's behavior. 1. Ingestion points: Research findings are read from the research/ directory after being fetched from external sources. 2. Boundary markers: Absent; no instructions are provided to distinguish research data from the agent's core instructions. 3. Capability inventory: The agent has the ability to write files to the local system and execute tools such as generate_social_image and task. 4. Sanitization: Absent; the skill does not validate the slug parameter or the content of the research findings.

social-media