spoonos-platform-integration
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from multiple external sources and passes it directly to the AI agent.
  - Ingestion points: scripts/telegram_bot.py (Telegram messages), scripts/discord_bot.py (Discord messages and commands), scripts/api_gateway.py (API query field), and SKILL.md (webhook payloads).
  - Boundary markers: The implementation lacks clear delimiters or 'ignore embedded instructions' warnings around external input before processing.
  - Capability inventory: All agents across the scripts use the core SpoonReactMCP capabilities, which can be manipulated because input is not controlled.
  - Sanitization: There is no evidence of input validation, escaping, or filtering of the content received from external platforms.