The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it uses data from invoices.json in its templates without safety boundaries. * Ingestion points: Invoice records are read from invoices.json as documented in the '督促状況の記録' section. * Boundary markers: There are no delimiters or specific instructions to the agent to disregard commands within the invoice data. * Capability inventory: The agent generates reminder email text and can trigger downstream actions via the /escalate command. * Sanitization: No validation, escaping, or sanitization mechanisms are described for the ingested data fields.

fukugyo-payment