integrate-reflect

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted user data (conversation histories and tasks) that are subsequently interpolated into system prompts for memory retrieval and reasoning operations.
      • Ingestion points: Untrusted data enters the context in 'templates/distill_intent.py' via the 'messages' list and across all integration recipes in 'recipes/' through 'prompt' or 'task' arguments.
      • Boundary markers: The skill provides partial mitigation by wrapping user content in structural tags like '' in 'templates/distill_intent.py' and '<past_resolutions>' in 'recipes/langgraph.md'.
      • Capability inventory: The agent environment supports execution of shell commands such as 'curl', 'uv add', 'python -c', and 'grep' (seen in 'SKILL.md'), and performs network operations to the vendor's API ('api.starlight-search.com' in 'templates/smoke_test.py').
      • Sanitization: No evidence of explicit escaping or sanitization of user-provided strings is present before they are embedded in the prompt templates.
  • [SAFE]: The skill fetches documentation and configuration from official vendor domains ('docs.starlight-search.com', 'api.starlight-search.com') and standard package registries, which is standard behavior for an integration tool.
  • [SAFE]: Sensitive information such as API keys is managed through environment variables ('REFLECT_API_KEY'), following industry-standard security practices.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 09:48 PM
Security Audit — agent-trust-hub — integrate-reflect