valyu-best-practices

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill's primary function is to retrieve data from external web and proprietary sources, which introduces a surface for indirect prompt injection where malicious instructions could be embedded in the retrieved text.
    - Ingestion points: Methods such as valyu.search() and valyu.contents() (found in references/search-recipes/basic-search-all.md and references/content-recipes/basic-content-extraction-from-web.md) ingest content from arbitrary URLs and search results.
    - Boundary markers: Documentation (e.g., references/integrations/anthropic.md) includes system prompts to guide the agent, but does not consistently implement delimiters or 'ignore' instructions for the retrieved data.
    - Capability inventory: The retrieved data is typically used for summarization or answering queries (as shown in references/answer-recipes/basic-answer.md), often involving tool-use or further processing by the LLM.
    - Sanitization: The provided code examples do not demonstrate sanitization or validation of the fetched external content before it is processed by the AI model.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:00 PM