skills/celigo/ai/writing-handlebars/Gen Agent Trust Hub

writing-handlebars

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill describes a template system that processes record data for use in HTTP requests and SQL queries. It provides security-relevant guidance, such as the distinction between double braces {{ }} (HTML-escaped/auto-formatted) and triple braces {{{ }}} (raw output). It also documents sanitization helpers like sanitize for stripping HTML and htmlEncode for character escaping. While Handlebars can be a surface for injection, this documentation focuses on legitimate transformation tasks and provides the necessary tools for safe data handling.
  • [DATA_EXFILTRATION]: The documentation explains how to access secure connection metadata, such as connection.http.encrypted.apiKey, for use in authorized API requests (e.g., via the aws4 or hmac helpers). This is standard functionality for an integration platform to facilitate authenticated communication between services.
  • [NO_CODE]: The skill consists entirely of Markdown documentation files. No executable scripts, binaries, or configuration files are included that could perform unauthorized actions in the execution environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 17, 2026, 02:00 AM