zerocrm

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill ingests data from an external API that can be controlled by third parties, creating a significant attack surface.
      • Ingestion points: examples/pipeline_report.py (via fetch_deals and fetch_contacts) and examples/basic_operations.py (via list_contacts and list_deals) fetch unstructured text fields from the Zero CRM API.
      • Boundary markers: Absent. There are no delimiters or 'ignore' instructions used when the agent processes CRM fields like notes or title.
      • Capability inventory: The skill includes the capability to create, update, and delete CRM records (requests.post, requests.patch, requests.delete in examples/basic_operations.py).
      • Sanitization: Absent. The data is processed as raw strings, allowing embedded instructions in a CRM record to potentially influence the agent's next steps or decision-making process.
  • Data Exposure (LOW): The skill facilitates the use of an API key stored in a .env file. While it correctly advises against committing the key to version control, the key is used in scripts/test_api.py as a command-line argument, which can expose it in process listings or shell history.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:46 AM