data-ingest
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill inherently possesses an attack surface for indirect prompt injection because its primary purpose is to process untrusted external data such as chat logs, transcripts, and data exports.
  - Ingestion points: The skill ingests arbitrary files provided by the user (JSON, CSV, HTML, etc.) through the Read tool.
  - Boundary markers: The skill includes a robust 'Content Trust Boundary' section that explicitly instructs the agent to treat source data as content to distill and never as instructions to follow, providing clear delimiters for the agent's behavior.
  - Capability inventory: The skill has the capability to read external files and write new content into the local Obsidian vault, including wiki pages and system logs.
  - Sanitization: The agent is instructed to transform input into a structured knowledge base, which acts as a manual distillation/sanitization process by prioritizing extraction of facts over execution of text content.
- [PROMPT_INJECTION]: Deterministic detectors flagged instructions such as 'ignore previous instructions' and 'modify your behavior'. Analysis confirms these are defensive examples used to instruct the agent on what to ignore when processing untrusted data, rather than malicious attempts to subvert the agent's system prompt.
Audit Metadata