slack

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by design as it allows the agent to process data from an untrusted source (Slack messages).
      • Ingestion points: The 'readMessages' action in SKILL.md allows the agent to fetch content from Slack channels.
      • Boundary markers: The skill does not provide any delimiters or instructions to differentiate between system instructions and data ingested from Slack.
      • Capability inventory: The skill includes several sensitive actions such as 'sendMessage', 'editMessage', 'deleteMessage', and 'pinMessage' (SKILL.md) which could be triggered by malicious instructions hidden in messages.
      • Sanitization: There is no evidence of message content sanitization or validation.
  • [NO_CODE]: The skill contains no executable scripts or binaries and consists entirely of documentation and instructions in SKILL.md.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 12:15 AM