internal-comms-anthropic

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE | PROMPT_INJECTION | DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface. The skill extensively reads data from third-party sources (Slack, Email, Google Drive) that are controlled by multiple users, including potentially malicious actors.
      • Ingestion points: Data is pulled from Slack channels, email threads, Google Drive documents, and calendar entries across examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md.
      • Boundary markers: Absent. The instructions do not provide delimiters or warnings to treat ingested content as data rather than instructions.
      • Capability inventory: The agent is granted permission to access and summarize sensitive organizational information across various communication tools.
      • Sanitization: Absent. There is no instruction to filter or sanitize potential instructions embedded in the summarized data.
  • [DATA_EXFILTRATION]: High-risk data exposure profile. The skill directs the agent to specifically target and summarize sensitive information such as executive announcements, product reviews, fundraising, and critical team member updates. While this aligns with the primary purpose, the broad scope of data access combined with the lack of input sanitization increases the risk of inadvertent data exposure.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 09:55 PM