skills/mukul975/anthropic-cybersecurity-skills/building-role-mining-for-rbac-optimization/Gen Agent Trust Hub
building-role-mining-for-rbac-optimization
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is designed to ingest and process data from user-supplied CSV files (e.g., user_permissions.csv, hr_data.csv).
  - Ingestion points: The skill loads external data via csv.DictReader in scripts/agent.py and pandas.read_csv in scripts/process.py.
  - Boundary markers: There are no explicit markers or specialized instructions to prevent the agent from processing instructions that might be embedded within the data files.
  - Capability inventory: The skill performs local file reading and writing (generating reports and migration plans) but lacks network connectivity or command execution capabilities.
  - Sanitization: Data is parsed as structured CSV, but individual fields are not filtered for potential malicious prompt content.
- [SAFE]: The skill leverages established, well-known Python libraries for data analysis, including pandas, numpy, and scikit-learn. No suspicious or unverified dependencies were identified.
- [SAFE]: All file system and data operations are consistent with the skill's primary purpose of identity governance and RBAC analysis. No unauthorized access to credentials or sensitive system locations was detected.
Audit Metadata