The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes untrusted product data and interpolates it directly into inquiry scripts, creating a surface for indirect prompt injection.\n
Ingestion points: The input.candidates array in reference/sourcing_assistant.mjs accepts data from preceding skills.\n
Boundary markers: No delimiters or ignore instructions are used when embedding product names or keywords in the inquiry_script string.\n
Capability inventory: The skill lacks dangerous capabilities such as network access, file-system writing, or command execution.\n
Sanitization: Input strings from the candidates array are not sanitized or validated before being placed into output fields.

skill-d-sourcing-assistant