bonsai-impl-bcf

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill facilitates the loading and processing of external BCF files, which are XML archives containing metadata and user-defined text such as topic titles, descriptions, and comments. This data is ingested into the agent context, creating a surface where malicious instructions could be embedded.
    * Ingestion points: Found in bpy.ops.bim.load_bcf_project within SKILL.md and the batch processing examples in references/examples.md.
    * Boundary markers: The documented patterns do not include delimiters or specific system instructions to differentiate between the BCF data content and the agent's core instructions.
    * Capability inventory: The skill exposes capabilities including file system writing via save_bcf_project, execution of Blender API operators via bpy.ops, and opening external URLs through open_bcf_reference_link.
    * Sanitization: There is no mention of sanitization or validation logic for the text fields extracted from external BCF files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 06:31 PM