internal-comms
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its reliance on external, potentially untrusted communication data.
  * Ingestion points: Data is pulled from Slack messages, Google Drive documents, Email content, and Calendar events as specified in examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md. The newsletter example also suggests pulling from external press.
  * Boundary markers: The instructions do not provide delimiters or instructions for the agent to ignore prompts embedded in the retrieved content.
  * Capability inventory: The skill uses tools to read internal communications and synthesize them into various report formats.
  * Sanitization: There is no evidence of content validation or sanitization before the data is processed by the LLM.
- [DATA_EXFILTRATION]: The skill's instructions to search and extract data from core business applications (Slack, Email, Drive) present a risk surface where sensitive information could be captured and potentially exfiltrated if the agent's output is redirected through an injection attack.
Audit Metadata