The Agent Skills Directory

[PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from mobile user interfaces, creating a surface for indirect prompt injection.
Ingestion points: Discovery tools including describe, debugger-component-tree, and screenshot (SKILL.md) ingest content directly from the device screen, which may include text or identifiers from untrusted third-party apps.
Boundary markers: The skill lacks explicit boundary markers or instructions to the agent to disregard instructions potentially embedded within retrieved UI data.
Capability inventory: The agent has access to powerful interaction capabilities such as keyboard for text and special key injection, gesture-tap for UI manipulation, and open-url for navigating to web pages or deep links (SKILL.md).
Sanitization: No sanitization or validation logic is defined for the UI content captured by the discovery tools before it is used to determine subsequent agent actions.

argent-device-interact