The Agent Skills Directory

[SAFE]: The skill implements strong defenses against indirect prompt injection by isolating untrusted content within XML tags and providing explicit instructions to the AI to ignore embedded directives. Evidence Chain: 1. Ingestion points: 'artifact' and 'context' parameters in 'scripts/challenger.py'. 2. Boundary markers: XML tags '' and '' are used. 3. Capability inventory: 'subprocess.check_call' for package installation and network access for API communication in 'scripts/challenger.py'. 4. Sanitization: Explicit trust boundary instructions are included in all system prompts.\n- [COMMAND_EXECUTION]: The script 'scripts/challenger.py' uses 'subprocess.check_call' to install the 'requests' library when needed. This is a legitimate dependency management practice gated to sandboxed environments and targets a well-known, standard package.\n- [SAFE]: Sensitive API credentials are appropriately managed using environment variables or dedicated local configuration files ('proxy.env', 'claude.env') and are only transmitted to trusted services including Google, Anthropic, and Cloudflare.

challenging