signals-scout-anomaly-detection

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a bundled Python script (scripts/ks2.py) and uses Python heredocs to perform Kolmogorov-Smirnov statistical tests. The execution involves fetching the file from the skill bundle, writing it to a temporary directory, and invoking the Python interpreter. The script is localized to the skill package and does not perform network or sensitive file system operations.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external analytics queries and interpolates it into user-facing descriptions and notebooks.
      • Ingestion points: Data is retrieved via the insight-query, execute-sql, and dashboard-insights-run tools, which can return attacker-influenced content such as insight names, dashboard titles, or event property values.
      • Boundary markers: The instructions do not define clear delimiters or include warnings to ignore instructions embedded in the analyzed data.
      • Capability inventory: The skill has the capability to write to the platform via notebooks-create and signals-scout-emit-signal, potentially misleading users if the content is manipulated.
      • Sanitization: No explicit sanitization or validation of the retrieved analytics data is implemented before its interpolation into prompt templates.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 19, 2026, 09:49 AM