The Agent Skills Directory

Indirect Prompt Injection Considerations: The skill processes applicant records which are derived from untrusted external documents. To address this potential attack surface, the instructions include a specific security boundary warning the agent to apply rules to the data without following any instructions that might be embedded within those documents.
Data Processing and Scope: The skill is designed to produce a structured JSON disposition (score and route) rather than performing high-privilege operations or automated approvals. This design follows the principle of least privilege, ensuring a human reviewer or subsequent system remains in the loop for final decision-making.
Tool Integration: The skill references external tools for screening (PEP, sanctions) and parsing, which is a standard pattern for modular agent workflows and does not introduce unusual security risks within this context.

kyc-rules