churn-risk-detector

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it ingests and processes untrusted data from external users.
    1. Ingestion points: Support tickets, Slack channel history, and NPS/CSAT scores as defined in 'SKILL.md'.
    2. Boundary markers: Absent; there are no instructions to the agent to treat external data as untrusted or to use specific delimiters.
    3. Capability inventory: The agent is instructed to perform file-write operations to save the 'risk-report' in 'SKILL.md'.
    4. Sanitization: None; the skill does not specify any validation or filtering for the ingested CSV or log data.
  • [COMMAND_EXECUTION]: The 'SKILL.md' file provides a specific 'cron' command for automated execution of the skill via a Python script. This establishes a persistence mechanism that periodically executes code on the host system.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 10:47 AM