internal-comms

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection Surface: The skill is designed to process untrusted data from various internal communication channels.
      (1) Ingestion points: Data enters the context via Slack messages, Google Drive documents, email threads, and calendar events as specified in examples/3p-updates.md and examples/company-newsletter.md.
      (2) Boundary markers: The skill does not currently implement delimiters or specific instructions to ignore embedded prompts within the ingested content.
      (3) Capability inventory: Across the scripts, the agent is directed to read files and messages; no active subprocess calls, code execution, or file-write capabilities were identified in the instructions.
      (4) Sanitization: No explicit evidence of input validation, escaping, or filtering of external content was found in the provided guidelines.
    Context: The presence of high-volume ingestion from shared sources without sanitization or boundaries creates a surface where embedded instructions in those sources could potentially influence agent behavior.
  • Broad Data Access: The skill instructions guide the agent to review high-context internal communications to identify progress, plans, and frequently asked questions. While this access is necessary for the skill's primary purpose of summarizing company activity, users should ensure the agent's permissions are limited to the necessary data scopes to maintain the principle of least privilege.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 21, 2026, 12:12 PM