The Agent Skills Directory

[PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by instructing the agent to ingest and analyze data from external tool outputs.
Ingestion points: The skill queries $mcp_error_message and $exception_message from the events table (e.g., in the 'why is a tool failing' workflow). This data represents logs from other tools and systems that may contain attacker-controlled content.
Boundary markers: The skill does not provide instructions to wrap this potentially untrusted data in delimiters or provide 'ignore embedded instructions' warnings to the agent.
Capability inventory: The skill utilizes the posthog:execute-sql tool to perform reads on the shared events table.
Sanitization: No sanitization, escaping, or filtering of the content within error messages is performed before the agent processes the results.

exploring-mcp-tool-quality