The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection vulnerability surface because it is designed to ingest and interpret data generated by external applications during test runs.
Ingestion points: The agent is instructed to read content from files such as console.json (browser console output), har-pages.log (network traffic), and metadata.json (test metadata).
Boundary markers: The instructions do not define delimiters or markers to separate untrusted data found in logs from the agent's core instructions.
Capability inventory: The skill utilizes the momentic_get_run and momentic_list_runs MCP tools to fetch and process this data for analysis and bucket-based classification.
Sanitization: There is no evidence of filtering or sanitization of the test artifacts before the agent processes them, which could allow malicious content within the logs to influence the agent's classification logic.

momentic-result-classification