ai-rag-pipeline

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill defines a RAG architecture that is vulnerable to indirect prompt injection.
    • Ingestion points: Untrusted data from web searches (stored in variables like SEARCH_RESULT, TAVILY, EXA) and external URL content extraction is ingested into the agent context in SKILL.md.
    • Boundary markers: The templates (e.g., lines 45, 60, and 75) lack delimiters or instructions to ignore embedded commands within the retrieved text.
    • Capability inventory: The skill uses infsh app run to execute remote applications across all example scripts.
    • Sanitization: No sanitization, escaping, or validation of the external content is performed before interpolation into prompts.
  • [COMMAND_EXECUTION]: The skill requires the infsh CLI and requests broad execution permissions via Bash(infsh *) to perform its primary functions. While intended for the platform, this grants the agent extensive access to the CLI's capabilities.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 01:18 PM
Security Audit — agent-trust-hub — ai-rag-pipeline