strategy-red-team
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process untrusted user data, which creates a surface for indirect prompt injection.
  - Ingestion points: Untrusted data is ingested into the agent context via the $ARGUMENTS variable in SKILL.md.
  - Boundary markers: The skill instructions do not define explicit delimiters (such as XML tags or markers) to separate the user-supplied plan from the system's own red-teaming instructions.
  - Capability inventory: The skill does not utilize any sensitive tools, such as file system access, network requests, or subprocess execution, which significantly limits the potential impact of an instruction-override attempt.
  - Sanitization: There is no evidence of input validation or sanitization applied to the user-provided data before processing.
Audit Metadata