detecting-email-forwarding-rules-attack

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data from audit logs and CSV/JSON event logs, which creates a surface for indirect prompt injection if an agent interprets log content as instructions.
      • Ingestion points: scripts/agent.py (via the --audit-log argument) and scripts/process.py (via the --input argument).
      • Boundary markers: None identified. Raw log content is included in findings without delimiters or warnings to the interpreting agent.
      • Capability inventory: The skill executes Python scripts that can read local files and make network requests to the Microsoft Graph API.
      • Sanitization: Log entries are truncated to 300-500 characters, but no content sanitization or natural language instruction filtering is performed.
  • [DATA_EXPOSURE]: The agent.py script interacts with the Microsoft Graph API to retrieve inbox rules. This is legitimate functionality for its intended purpose, and it uses standard bearer token authentication provided at runtime rather than hardcoded credentials.
  • [COMMAND_EXECUTION]: The skill provides utility scripts for security analysis. These scripts perform standard file I/O and regex operations on security logs provided by the user.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 7, 2026, 06:46 PM