The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill processes untrusted external data from Bitrix24 which could contain malicious instructions.
Ingestion points: Data enters the agent context via methods like crm.lead.list (core), im.dialog.messages.get (comms), and event.offline.get (core/events).
Boundary markers: The provided documentation does not specify the use of delimiters or explicit 'ignore instructions' wrappers when processing these data streams.
Capability inventory: The agent has significant write and destructive capabilities via scripts/bitrix24_client.py, including crm.lead.update, im.message.add, and sonet_group.delete.
Sanitization: No explicit sanitization or validation logic is mentioned for the content of the ingested CRM fields or chat messages before they are processed by the LLM.
Command Execution (SAFE): The skill uses a local Python script (bitrix24_client.py) to interface with the Bitrix24 API. The usage patterns include safety flags like --confirm-write, --confirm-destructive, and --plan-only, which mitigate the risk of accidental or unauthorized execution of dangerous commands.
Data Exposure (SAFE): While the skill requires sensitive credentials (e.g., B24_WEBHOOK_CODE, B24_ACCESS_TOKEN), it explicitly instructs users never to expose these secrets and manages them through environment variables, which is a standard and acceptable practice.

bitrix24-agent