The Agent Skills Directory

[DATA_EXFILTRATION]: The skill accesses sensitive user data by connecting to email accounts via IMAP and reading message contents. It also stores and reads email credentials (authorization codes) from a local configuration file (config.json) to perform its primary function.
[EXTERNAL_DOWNLOADS]: The process_invoices.py script automatically downloads files from URLs extracted from email bodies. It interacts with external endpoints using both the requests library and a headless browser (playwright) to retrieve invoice documents.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from emails and external websites.
Ingestion points: Email headers, email bodies, and external web page content processed by scripts/process_invoices.py.
Boundary markers: Absent; untrusted data is processed without specific delimiters or instructions to ignore embedded commands.
Capability inventory: File system write access for saving invoices, Excel summaries, and logs; network access for IMAP connectivity and HTTP downloads.
Sanitization: The script performs magic bytes verification (e.g., checking for %PDF or image signatures) to ensure downloaded content matches expected file types before storage. It uses regular expressions and table extraction for data parsing.

email-invoice-processor