hyde-retrieval

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The generate_hyde function interpolates the untrusted query variable directly into an LLM prompt. Since there are no boundary markers or sanitization logic, an attacker can use this to manipulate the generated hypothetical document, poisoning the retrieval process and influencing downstream agent decisions.
    1. Ingestion point: query parameter in generate_hyde and HyDEService.generate.
    2. Boundary markers: Absent (direct interpolation).
    3. Capability inventory: Generates hypothetical text and embeddings used to influence RAG retrieval.
    4. Sanitization: Absent.
  • [Metadata Poisoning] (MEDIUM): The skill documentation and implementation reference fictional model versions (gpt-5.2-mini, claude-haiku-4-5). This misleading metadata can cause execution failures or mislead users regarding the skill's requirements and actual tested capabilities.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 12:43 AM