The Agent Skills Directory

[Indirect Prompt Injection Surface]: The skill is designed to process external onboarding documents provided by applicants, which constitutes an ingestion point for untrusted data. While this is the intended purpose of the skill, it creates a surface where the agent might encounter malicious instructions embedded within the documents.
[Instructional Guardrails]: The author has implemented specific safety measures to mitigate risks. The instructions explicitly direct the agent to treat all extracted content as data only and never to follow links or execute instructions found within the documents. It also suggests a boundary marker approach to distinguish between its own logic and the processed data.
[Least Privilege Design]: The skill does not request access to any dangerous tools, network operations, or file system modifications. Its output is limited to a structured JSON format, which reduces the potential impact of any processing errors or injection attempts.

kyc-doc-parse