The Agent Skills Directory

[PROMPT_INJECTION]: The skill contains a template processing engine in SKILL.md (functions processTemplateVariables and getFieldValue) that exhibits a surface for indirect prompt injection.
Ingestion points: Data is ingested from ServiceNow record fields (e.g., incident.short_description) and attachment records.
Boundary markers: The interpolation logic uses ${field} syntax but lacks boundary markers or instructions to the agent to ignore embedded commands within the data.
Capability inventory: The skill has access to high-privilege tools such as snow_execute_script_with_output and snow_query_table via the platform configuration.
Sanitization: The implementation lacks sanitization or HTML escaping for values retrieved from getDisplayValue() before they are interpolated into the document content.

document-management