
q-tf

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection within the outlier classification workflow. The script scripts/classify_outliers.py reads document text from user-provided Excel files and interpolates it directly into a prompt template (Document:\n{document}) sent to the Gemini API. An attacker could embed malicious instructions in the Excel data to manipulate the model's classification output or confidence scores.
  • Ingestion points: The text column of the input Excel file processed in scripts/classify_outliers.py.
  • Boundary markers: The prompt template uses minimal markers (Document:\n) and lacks explicit instructions to the LLM to ignore instructions contained within the provided document text.
  • Capability inventory: The script has the capability to read and write Excel files (via pandas) and perform network operations to communicate with the Gemini API. While the current scope is limited to updating classification labels, the pattern demonstrates a lack of input validation.
  • Sanitization: No sanitization, escaping, or filtering of the document text is performed before it is sent to the foundation model.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 01:19 AM