The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill interfaces with well-known identity providers, such as Microsoft Entra ID and Workday, to synchronize worker data and automate provisioning workflows.
[COMMAND_EXECUTION]: Includes a Python-based auditing utility (scripts/agent.py) that interacts with the local filesystem to save reports and utilizes environment variables for API authentication.
[PROMPT_INJECTION]: The skill processes untrusted identity data (e.g., employee names, job titles) from external APIs, which represents a potential surface for indirect prompt injection.
Ingestion points: scripts/agent.py and SKILL.md ingest data from Microsoft Graph and Workday APIs.
Boundary markers: No explicit delimiters are used to separate identity data from instructions.
Capability inventory: File system writing and API-based identity management.
Sanitization: The provided code does not explicitly sanitize identity attributes before processing.
[SAFE]: The skill follows security best practices by avoiding hardcoded credentials, using well-known enterprise endpoints, and providing tools for legitimate security posture management.

building-identity-governance-lifecycle-process