The Agent Skills Directory

[PROMPT_INJECTION]: The skill contains specific instructions to bypass standard conversational feedback and user confirmation loops. It directs the agent to "not acknowledge first" and "not ask, do not write a message first" when encountering specific workflow tags like <workflow-verification-follow-up>. These instructions override the expected behavior of informing the user before taking action, allowing the agent to perform tasks silently.
[INDIRECT_PROMPT_INJECTION]: The skill is designed to respond to XML-like tags within the message history, such as <workflow-setup-required>. This ingestion of structured tags from the conversation context serves as a trigger for automated tool execution, which could be exploited if an attacker can inject these tags into the conversation through other data sources processed by the agent. To mitigate this, ensure that these control tags are only generated by trusted platform components and cannot be influenced by user-controlled workflow names or data.

post-build-flow