canva-creator
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes content briefs from potentially untrusted sources, which is an indirect prompt injection surface, and it lacks explicit boundary markers for this data. It does maintain a strict 'human-in-the-loop' policy that requires explicit owner approval at every stage (Calendar, Asset Inventory, Generation, Captions, Scheduling), which effectively mitigates the risk of automated malicious execution.
- [COMMAND_EXECUTION]: The skill utilizes abstracted tools (~~дизайн and ~~crm) for interacting with external services such as VistaCreate, Supa, or Bitrix24. These interactions are documented with safety checks for rate limiting and quota management.
- [DATA_EXFILTRATION]: No evidence of unauthorized sensitive data exfiltration was found. The skill handles asset IDs and design IDs necessary for its primary function and instructs the agent to avoid processing emails through design services to prevent data leakage or placeholder errors.
Audit Metadata