icp-persona-builder
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE | PROMPT_INJECTION | NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes data from untrusted external websites.
  1. Ingestion points: Untrusted content is retrieved via WebFetch and WebSearch during the research phase described in SKILL.md.
  2. Boundary markers: The skill lacks explicit delimiters or instructions to ignore malicious commands embedded in the fetched web content.
  3. Capability inventory: The skill can read local client context files, perform network-based research, and write persona assets to the local filesystem (SKILL.md).
  4. Sanitization: No explicit sanitization or filtering of fetched web content is performed before processing.
- [NO_CODE]: This skill consists entirely of instructional prompts and configuration in SKILL.md and does not include any executable code, scripts, or binaries.
Audit Metadata