The Agent Skills Directory

[INDIRECT_PROMPT_INJECTION]: The skill documents patterns for ingesting external data into model prompts, which presents an inherent surface for indirect injection if processed files contain malicious instructions.
Ingestion points: The data_processing.sh template reads content from local text files in ./data/raw/.
Capability inventory: The skill uses the belt CLI to run various AI models (openrouter/claude-haiku-45, falai/flux-dev, etc.).
Boundary markers: The templates do not use specific delimiters or instructions to ignore embedded commands in the processed data.
Sanitization: No sanitization is performed on the file content before it is interpolated into the JSON input for the belt command.
[EXTERNAL_DOWNLOADS]: The documentation references installation scripts and related automation skills hosted on the official GitHub repository for the inference-sh organization.
[COMMAND_EXECUTION]: The skill provides various Bash and Python templates that perform legitimate automation tasks, such as directory creation, file reading, and executing the belt CLI tool.
[DATA_EXFILTRATION]: Includes a monitoring template that uses curl to send error logs to a placeholder webhook URL (your-webhook.com). This is a standard functional pattern for workflow alerting and does not involve the transmission of sensitive system data.

ai-automation-workflows