game-ai-daily-report
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest and process data from external, untrusted sources including company blogs, trade media, and X (formerly Twitter).
  - Ingestion points: External websites and social media posts are read to gather report content.
  - Boundary markers: The skill does not define clear delimiters or "ignore" instructions for the ingested content.
  - Capability inventory: The skill uses scripts/save_reports.py which can read arbitrary local files (via arguments) and write them to the docs/ directory.
  - Sanitization: No sanitization or validation of the gathered content is performed.
- [DATA_EXFILTRATION]: Risk of Local Data Exposure. The scripts/save_reports.py script resolves and reads text from file paths provided as command-line arguments. If an attacker-controlled external source provides malicious instructions that influence the agent's argument selection (Indirect Prompt Injection), this could lead to the exposure of sensitive local files by copying their content into the generated report files.
- [COMMAND_EXECUTION]: The skill executes a local Python script scripts/save_reports.py to organize and save generated reports. While the script itself uses standard libraries and performs simple file operations, the execution of local scripts is a capability that can be abused if the agent's logic is subverted via external data.