The Agent Skills Directory

[PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection due to its core function of processing external data. 1. Ingestion points: Reads call recording links and project files from the repository as part of coaching workflows. 2. Boundary markers: Lacks explicit instructions or delimiters to isolate untrusted data from the agent's primary instructions or to warn the model about embedded commands. 3. Capability inventory: The skill is authorized to use bash, git, and File ops for repository and system tasks, which could be abused if an injection occurs. 4. Sanitization: No validation or sanitization logic is present to filter malicious instructions from processed call transcripts or deal logs before they are evaluated by the agent.

sales-coach