The Agent Skills Directory

[PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest and process information from untrusted external sources, which could contain adversarial instructions targeting the agent's behavior.
Ingestion points: Data is collected from Email systems, Messaging platforms (Slack, Teams), and Document Repositories (SKILL.md, Phase 3).
Boundary markers: The instructions do not define specific delimiters (e.g., XML tags or triple backticks) to separate ingested content from the system prompt, nor do they include warnings to ignore instructions found within that content.
Capability inventory: The agent summarizes retrieved information into briefings and task lists which are then intended for circulation among stakeholders.
Sanitization: There is no mention of content filtering, escaping, or validation of the data retrieved from external systems.
[DATA_EXFILTRATION]: Access to Sensitive Data Stores. The skill workflow involves systematically accessing high-value corporate information systems, including Contract Management Systems (CMS), CRM platforms, and legal document repositories. While this is the intended purpose of the skill, the concentration of access to sensitive legal and business data across silos represents a significant exposure surface if the agent's context is compromised.
[NO_CODE]: No Executable Code. The skill consists entirely of markdown instructions and does not ship with scripts, binaries, or automated configuration files, which limits its ability to perform unauthorized system operations directly.

legal-briefing