support-macro-personalizer

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external JSON files without adequate sanitization.
    • Ingestion points: The skill ingests untrusted data from the --macros_json and --context_json files in support_macro_personalizer.py.
    • Boundary markers: No delimiters or boundary markers separate templates from instructions, which could lead the agent to follow embedded commands.
    • Capability inventory: The script can create directories via os.makedirs and write files via open with write permissions in support_macro_personalizer.py.
    • Sanitization: The script does not sanitize the id field from the input JSON, allowing a path traversal attack in which an attacker could write files to unauthorized locations by using sequences such as ../ in the id field.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 04:12 PM
Security Audit — agent-trust-hub — support-macro-personalizer