kyc-doc-parse

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Full Analysis
  • Handling of Untrusted Content: The skill correctly identifies that onboarding documents are supplied by third parties and contains clear instructions to the agent to treat this content as data rather than instructions. This approach aligns with security best practices for minimizing risks from indirect prompt injection.
  • Use of Boundary Markers: The prompt instructions include specific delimiters (untrusted_document) to wrap external data, which helps the model distinguish between instructions and the content being analyzed.
  • Limited Tool Capabilities: The skill does not use any external tools, network requests, or file system modifications, significantly reducing the potential impact of any malicious content embedded in the processed documents.
  • Indirect Prompt Injection Surface:
      1. Ingestion points: Document packets provided by applicants in SKILL.md.
      2. Boundary markers: Explicitly defined as untrusted_document tags.
      3. Capability inventory: No subprocess calls, network operations, or file-writing tools are utilized.
      4. Sanitization: Managed via prompt-based scoping and JSON schema validation.
  • Data Extraction Integrity: The skill provides clear guidance to avoid executing instructions or following links found within documents, which reduces the surface for adversarial manipulation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 7, 2026, 08:14 AM