cash-flow-snapshot

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes untrusted data from external sources.
  • Ingestion points: Data is pulled from user-uploaded CSV files and external connectors such as 1C, MyWarehouse, and payment services as described in SKILL.md Step 2.
  • Boundary markers: The instructions do not define clear delimiters or use 'ignore embedded instructions' warnings for the data being interpolated into the analysis prompt.
  • Capability inventory: The skill can generate text reports and invoke the xlsx skill to create files. It does not have direct shell access or network exfiltration capabilities beyond its defined tool use.
  • Sanitization: There is no evidence of input validation or sanitization to prevent the AI from following instructions embedded within the financial records, such as in transaction descriptions or customer names.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 18, 2026, 01:59 AM