performing-access-review-and-certification

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external entitlement data from CSV and JSON files without adequate sanitization, presenting a surface for indirect prompt injection.
    * Ingestion points: scripts/agent.py and scripts/process.py load data via file ingestion functions.
    * Boundary markers: Absent. Input data is not delimited or accompanied by instructions to ignore embedded commands.
    * Capability inventory: The skill is capable of reading local files and writing analysis results to JSON reports.
    * Sanitization: None. The scripts do not validate or escape the content of the data fields.
  • [PROMPT_INJECTION]: There is an inconsistency in the author metadata; SKILL.md lists 'mahipal' as the author, while the LICENSE file copyright is held by 'mukul975'.
  • [COMMAND_EXECUTION]: The script scripts/agent.py imports the requests library but does not utilize it, representing a best-practice violation and an unnecessary dependency.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 06:26 PM