detection-engineering-coverage-evaluation

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection Surface: The skill defines a workflow that extracts and processes content from external URLs, which represents a potential surface for indirect instructions to influence agent behavior.
  • Ingestion points: Untrusted data enters the agent context in Step 1, where the agent is instructed to fetch and extract the entire raw text content from a user-provided blog URL.
  • Boundary markers: The prompt explicitly requests the raw text exactly as it appears in the HTML without modification or omission, which may bypass standard boundary markers or summarization filters.
  • Capability inventory: The workflow possesses significant capabilities, including generating new security rules (generate_rules), auditing existing rule configurations (get_rule), and simulating attacker behavior (generate_synthetic_events).
  • Sanitization: The skill instructions do not specify content validation or sanitization before the extracted text is passed to subsequent tools in the detection engineering chain.
  • Access to Security Configuration: The skill interacts with sensitive security data via the get_rule tool to verify enablement and alerting status. This is a standard part of the coverage evaluation process and is used to identify gaps in the environment's detection capabilities.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 08:47 PM
Security Audit — agent-trust-hub — detection-engineering-coverage-evaluation