skills/b-on-g/mol_skill/mol/Gen Agent Trust Hub

mol

Fail

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill features a surface for indirect prompt injection. Components like the invoicing bot and FAQ assistant ingest untrusted data from user-provided text, files, and LLM-generated summaries.
    • Ingestion points: invoicer/bot/bot.js (extracts text from PDF/DOCX files), invoicer/invoicer.view.ts (processes text pasted by users).
    • Boundary markers: Absent or limited to standard markdown formatting.
    • Capability inventory: The skill scripts use fetch for network requests and writeFileSync for document generation (e.g., in invoicer/bot/bot.js).
    • Sanitization: No explicit sanitization or filtering of interpolated external content is observed before it is used in LLM prompts or UI rendering.
  • [REMOTE_CODE_EXECUTION]: Documentation and UI text entries (in references/TAURI_SETUP.md and app/app.view.tree) suggest the use of curl https://sh.rustup.rs | sh for environment setup. This is a reference to the official and well-known installer for the Rust programming language and is used in an informative context.
  • [EXTERNAL_DOWNLOADS]: The invoicing web application dynamically loads third-party libraries (including html2canvas, jspdf, jszip, and pdf.js) from cdnjs.cloudflare.com. This is a well-known and established CDN service.
  • [DATA_EXFILTRATION]: The application is designed to transmit user-provided text and extracted document data to external LLM endpoints. While this allows for flexibility (e.g., using local Ollama instances), it also enables the transmission of data and potentially API keys to non-whitelisted, user-specified URLs. This behavior is consistent with the primary purpose of the invoicing tool.
  • [COMMAND_EXECUTION]: Skill instructions in SKILL.md and references/ recommend using standard CLI tools like npm create for project scaffolding and git for workflow management.
Recommendations
  • HIGH: Downloads and executes remote code from: https://sh.rustup.rs - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 22, 2026, 10:35 AM