slide-decks

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and displays data from an external API (Layerproof) without using boundary markers or instructions to disregard potential commands embedded in the API responses.
    - Ingestion points: JSON responses from API endpoints defined in SKILL.md.
    - Boundary markers: Absent; the agent is instructed to display raw JSON output directly.
    - Capability inventory: The skill performs network operations via curl and handles file keys for S3 storage.
    - Sanitization: No sanitization or validation of the content returned by the API is performed before processing or display.
  • [COMMAND_EXECUTION]: The skill provides shell templates for the agent to execute curl commands and source environment variables from .env.local. While these are standard practices for API integration, executing shell commands based on external files or API responses requires careful handling of the environment.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 08:33 PM
Security Audit — agent-trust-hub — slide-decks