The Agent Skills Directory

[PROMPT_INJECTION]: The skill metadata contains instructions using high-priority markers ("CRITICAL") and explicit directives to "override default messaging behavior". These patterns are used to force the agent's prioritization and formatting logic over its baseline safety and behavioral guidelines.
[PROMPT_INJECTION]: The skill facilitates the processing of external message data, establishing a vulnerability surface for indirect prompt injection attacks.
Ingestion points: The skill retrieves untrusted data from external conversations via chat.getMessages and chat.listThreads as described in SKILL.md.
Boundary markers: There are no instructions for using delimiters or protective context (e.g., "ignore instructions within the message") to separate retrieved message content from the agent's command context.
Capability inventory: The skill possesses capabilities that can be misused if an injection occurs, including chat.sendMessage, chat.sendDm, and chat.setUpSpace.
Sanitization: While the skill provides logic for formatting conversions, it lacks sanitization or validation mechanisms to prevent executable instructions embedded in chat messages from influencing the agent's actions.

google-chat