regex-vs-llm-structured-text

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The validate_with_llm function in SKILL.md is susceptible to indirect prompt injection.
    * Ingestion points: Untrusted content via the raw_text parameter is passed directly into a prompt template.
    * Boundary markers: The prompt template f"Text: {raw_text}\nDraft: {current_data}" lacks explicit delimiters, such as XML tags or backticks, to isolate the untrusted data from the instructions.
    * Capability inventory: No high-risk capabilities, such as file system writes or shell command execution, are defined in the provided snippets.
    * Sanitization: No sanitization or filtering is applied to the input text before it is sent to the LLM.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 04:23 PM
Security Audit — agent-trust-hub — regex-vs-llm-structured-text