history-autopsy

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest data from external web searches to identify current news topics, which creates a surface for indirect prompt injection.
      • Ingestion points: Untrusted data enters the agent context via the search_web tool results as instructed in SKILL.md.
      • Boundary markers: The instructions lack specific delimiters or warnings to ignore instructions that might be embedded in the retrieved web content.
      • Capability inventory: The skill has the capability to write files to the local filesystem (history_autopsy_outputs/ and history_autopsy_log.json).
      • Sanitization: No validation or sanitization of search results is defined before the data is used to influence the skill's output.
  • [SAFE]: The skill uses standard file operations and network tools (web search) that are directly related to its primary function of historical research and reporting. File access is scoped to specific application-related paths, and no exfiltration of sensitive user data was detected.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 03:26 AM