diagnose

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill's primary function involves ingesting and analyzing potentially untrusted data from multiple sources, creating a surface where embedded instructions could influence agent behavior.
      • Ingestion points: The orchestrator in SKILL.md and the verdict-agent.md are instructed to read and analyze user-provided data files, such as reports, CSVs, and documents. Additionally, external-check-agent.md ingests content directly from the live web via WebSearch results.
      • Capability inventory: The skill is configured with a broad set of capabilities, including Bash for shell execution, WebSearch and WebFetch for network access, and Read/Grep/Glob for file system interaction.
      • Boundary markers: The instructions do not define strict boundary markers or include specific 'ignore embedded instructions' directives when the agent processes the contents of external business reports or web data.
      • Sanitization: The skill lacks explicit sanitization or validation logic for the data it fetches from the web or reads from user-uploaded files before incorporating that data into the diagnostic process.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 9, 2026, 06:09 PM