skill-builder

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill includes a surface for indirect prompt injection because it is designed to ingest and process data from external, untrusted sources such as websites, repositories, and media files. This is a characteristic of the skill's primary function as a scraper and converter.
      * Ingestion points: scrape_docs, scrape_github, scrape_pdf, scrape_video, and scrape_generic tools (SKILL.md).
      * Boundary markers: Not present; the instructions do not specify delimiters or security constraints for handling untrusted input within the sources.
      * Capability inventory: Tools for local file access (scrape_codebase), network requests (scrape_docs), and data export/upload (upload_skill, export_to_*) (SKILL.md).
      * Sanitization: Not present; source content is processed for enhancement and packaging without explicit sanitization steps mentioned.
  • [DATA_EXFILTRATION]: The skill provides tools to read local directories (scrape_codebase) and export data to external vector databases or APIs. While this creates a path for data movement, it is a legitimate and expected component of the skill's utility for packaging and deploying knowledge bases from local sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 06:36 PM