The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its alert reporting functionality.
Ingestion points: The agent.py script retrieves DLP alert data (including titles and descriptions) from Microsoft Graph API endpoints, which are populated based on external content matching DLP rules.
Boundary markers: No explicit boundary markers or delimiters are employed within the script's output generation to isolate external alert content from the report structure.
Capability inventory: The agent script performs network operations via the Microsoft Graph API and has the authority to write JSON and CSV reports to the local file system.
Sanitization: The script does not perform sanitization or validation of the alert metadata received from the API prior to recording it in the compliance reports.

implementing-data-loss-prevention-with-microsoft-purview