The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes untrusted inbound SMS data which creates a surface for indirect prompt injection. Ingestion points: Inbound messages are ingested by sms_listen.py via Twilio API polling and Telnyx webhooks, then stored in inbox.jsonl. Boundary markers: sms_respond.py wraps user content in backticks (fenced blocks) and includes explicit warnings to the model that the input is untrusted and should not be treated as structural markup. Capability inventory: The skill has the ability to send network requests to SMS providers (sms_send.py), write to local data files, and execute the claude CLI tool via subprocess (sms_respond.py). Sanitization: The skill uses prompt engineering techniques to separate instructions from data, though it does not perform character-level sanitization on the SMS body before interpolation into the prompt.

sms