The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes external data sources, creating a surface for Indirect Prompt Injection (Category 8).
Ingestion points: The prompt instructions in SKILL.md designate 'user questions' and 'full conversation' as the primary and secondary evidence for the agent to follow.
Boundary markers: The skill lacks explicit delimiters (like XML tags or triple quotes) or specific 'ignore instructions' warnings to separate the untrusted data from the agent's logic.
Capability inventory: The skill is primarily instructional and does not define automated tools, shell execution, or network access within its files.
Sanitization: No sanitization, escaping, or validation steps are included for the data processed from the conversation sources.

100 / tool / 33