bootstrap-system-context

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill reads SAP system metadata, including SID, release information, and the current username. This information is written to a local file (system-info.md) and used to ground the agent's context. No network exfiltration of this data was observed.
  • [COMMAND_EXECUTION]: The skill utilizes platform-specific tools (SAPRead, SAPManage, SAPLint) to interact with the SAP system. These operations are read-only and intended for system discovery as per the skill's stated purpose.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests data from an external source (the SAP system) and interpolates it into a file used for agent grounding.
      • Ingestion points: SAP system metadata is retrieved via SAPRead, SAPManage, and SAPLint calls.
      • Boundary markers: The variables (e.g., <description>, <message>) are placed directly into the Markdown template without explicit boundary markers or instructions to ignore embedded commands.
      • Capability inventory: The skill can write files (system-info.md) and output summaries to the user.
      • Sanitization: No sanitization or escaping of the retrieved metadata is performed before it is written to the file. This creates a surface for indirect prompt injection if the SAP system metadata contains malicious instructions, though the risk is considered low for this use case.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 12, 2026, 02:04 PM
Security Audit — agent-trust-hub — bootstrap-system-context