building-phishing-reporting-button-workflow

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill implements logic for parsing and analyzing reported phishing emails. It uses standard Python libraries and communicates with well-known security services (VirusTotal). No credential theft, persistence, or malicious code execution was found.
  • [PROMPT_INJECTION]: The skill processes external, untrusted content from reported email files, which presents a surface for indirect prompt injection.
      • Ingestion points: The scripts/agent.py and scripts/process.py scripts read untrusted .eml files provided as input.
      • Boundary markers: The skill does not use specific delimiters or instructions to prevent the agent from following instructions embedded in the processed emails.
      • Capability inventory: The skill uses the requests library for external API communication and performs file write operations for reporting.
      • Sanitization: The scripts truncate email bodies to 5000 characters and use regular expressions for extraction, but do not sanitize the content to prevent the interpretation of malicious instructions by an AI agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 12, 2026, 06:29 PM