raycast-extensions

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the creation of extensions that ingest untrusted data from the user's local environment (e.g., clipboard, selected text, or browser content) and pass it directly to LLMs via the AI.ask API, creating a surface for indirect prompt injection.
      • Ingestion points: Clipboard.readText() (found in examples.md), getSelectedText() (found in references/api/environment.md), and BrowserExtension.getContent() (found in references/api/browser-extension.md).
      • Boundary markers: The documentation snippets do not provide delimiters or instructions to isolate or treat ingested content as untrusted data.
      • Capability inventory: The documented APIs include powerful capabilities such as network fetching (useFetch), browser integration (BrowserExtension), file system modifications (trash, fs.promises.writeFile), and AI model interaction (AI.ask).
      • Sanitization: Provided examples do not demonstrate input validation or sanitization before data is used in prompts.
  • [DATA_EXFILTRATION]: The skill documents APIs that provide access to sensitive user information, which could be leveraged for data exposure or exfiltration if the agent's logic is subverted.
      • Evidence: Documentation for reading the full clipboard history (Clipboard.read with offset), retrieving active browser tab URLs and contents (BrowserExtension.getTabs), and accessing file system paths via the Finder selection (getSelectedFinderItems).
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 02:56 PM