The Agent Skills Directory

[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it interpolates untrusted website data from the {extract_results} placeholder directly into the agent context without boundary markers or instructions to disregard embedded commands.
Ingestion points: Untrusted content is ingested via the {extract_results} variable in SKILL.md.
Boundary markers: Absent. The skill does not use delimiters (e.g., XML tags or triple backticks) to isolate external data from its own instructions.
Capability inventory: No dangerous capabilities such as file system writes or shell execution were detected in this skill.
Sanitization: No sanitization or filtering logic is present to handle potentially malicious instructions within the source data.

stock-metrics