The Agent Skills Directory

[PROMPT_INJECTION]: Indirect prompt injection vulnerability surface detected.\n- Ingestion point: Document content retrieved via gws docs documents get in SKILL.md.\n- Boundary markers: No explicit markers or instructions to isolate document content from instructions.\n- Capability inventory: Subprocess execution of gws for reading and writing documents across Google Workspace.\n- Sanitization: scripts/extract-doc-text.py extracts raw text without filtering for instruction-like patterns.\n- Note: This finding is considered a risk surface inherent to the skill's primary document processing function.

google-workspace