sales-startupage

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses a persistent 'learnings' pattern that stores session information in a local file, creating a surface for indirect prompt injection.
    * Ingestion points: The agent reads references/learnings.md at the start of the session (Step 1).
    * Boundary markers: Absent; there are no instructions to delimit or verify the content of the learnings file.
    * Capability inventory: The skill has file-write (append) instructions in SKILL.md (Step 4) to record new information discovered during the session.
    * Sanitization: Absent; no validation or escaping is applied to the data written to the learnings file.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 06:37 PM