intercompany-guarantee-review

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external enterprise systems.
      • Ingestion points: Data is retrieved from [ERP] and [CASH] systems, including fields like '被担保方' (Guaranteed Party) and '状态' (Status) in SKILL.md.
      • Boundary markers: The instructions lack explicit delimiters or markers to distinguish between the skill's logic and the data fetched from the ERP, which could allow malicious content in the data source to influence agent behavior.
      • Capability inventory: The skill is restricted to data analysis and report generation; no dangerous shell command execution, network exfiltration, or file modification capabilities were identified.
      • Sanitization: There are no instructions for sanitizing or validating the integrity of the data retrieved from the financial systems before it is processed.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 16, 2026, 02:26 AM