signals-scout-web-analytics
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data originating from external web traffic.
  - Ingestion points: The skill reads attacker-controlled data from the `sessions` and `events` tables via the `execute-sql` tool, specifically targeting fields like `$entry_pathname`, `$entry_referring_domain`, `$entry_utm_source`, and `$entry_current_url`.
  - Boundary markers: The skill contains a dedicated 'Untrusted data' section that explicitly warns the agent that acquisition data is 'attacker-adjacent' and must be treated strictly as data, not instructions.
  - Capability inventory: The agent has the capability to execute SQL queries, write to internal memory via `signals-scout-scratchpad-remember`, and emit signals via `signals-scout-emit-signal`.
  - Sanitization: The instructions mandate the use of sanitized identifiers (truncation, slugification) and the use of short, quoted snippets when reporting user-supplied strings to mitigate the risk of the agent obeying embedded commands.