The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of processing untrusted web content. * Ingestion points: External website content is retrieved via the WebFetch tool as described in Phase 1 of SKILL.md. * Boundary markers: There are no instructions defining delimiters or boundary markers to differentiate between the agent's instructions and the untrusted data fetched from the web. * Capability inventory: The skill has access to WebFetch, Write, and Bash tools, which could be exploited if malicious content influences the agent's logic. * Sanitization: No sanitization or filtering of the retrieved HTML content is specified before the data is passed to subagents for analysis.

geo-audit