The Agent Skills Directory

[SAFE]: Comprehensive review of the markdown instructions and reference guides found no malicious code, hidden command execution, or data exfiltration logic. The skill operates within a controlled project directory structure.\n- [PROMPT_INJECTION]: The skill processes untrusted business context and spreadsheet data. (1) Ingestion points: Situation descriptions in '01-define-problem.md' and user data in '05-analyze.md'. (2) Boundary markers: The skill templates lack explicit delimiters or 'ignore embedded instructions' warnings for external content. (3) Capability inventory: The skill uses the 'Task' tool for subagent delegation and the 'xlsx-skill' for data processing. (4) Sanitization: No sanitization of ingested user input is specified. This configuration creates a vulnerability surface for indirect prompt injection from malicious business data.

consulting-problem-solving-ru