temporal
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill documents architectural patterns for AI agent loops and LLM pipelines (in references/ai-patterns.md) that ingest untrusted data, such as user-provided goals, conversation history, and tool execution outputs. This creates a surface for indirect prompt injection where malicious content in processed data could attempt to influence the agent's orchestration logic or activity execution.
  - Ingestion points: Workflow state (state.goal), conversation history arrays, and tool response data in ai-patterns.md and references/typescript-sdk.md.
  - Boundary markers: The provided code templates do not demonstrate the use of delimiters or specific instructions to the LLM to ignore embedded commands within ingested variables.
  - Capability inventory: The documented workflows have the capability to execute activities that perform network operations (using AsyncAnthropic, OpenAI, or fetch), execute arbitrary tools, and interact with external storage.
  - Sanitization: The patterns do not explicitly include sanitization, validation, or escaping of external content before it is interpolated into LLM prompts or processed by tool-dispatching logic.
Audit Metadata