open-persona

Warn

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: MEDIUM

Flags: [COMMAND_EXECUTION] [REMOTE_CODE_EXECUTION] [EXTERNAL_DOWNLOADS] [DATA_EXFILTRATION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill frequently executes shell commands via the Bash tool to run developer utilities. These include npx openpersona, npx clawhub@latest, and the GitHub CLI gh for tasks like creating, searching, and publishing personas.
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions for the agent to install and execute third-party content from remote sources. Specifically, the command npx openpersona install <owner/repo> allows the installation of persona packs directly from arbitrary GitHub repositories. It also relies on the NPM registry (registry.npmjs.org) to fetch and run the management CLI tools dynamically.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with several external endpoints for its core functionality, including openpersona.co for persona and dataset discovery, clawhub.ai and skills.sh for skill searches, and registry.npmjs.org for tool execution.
  • [DYNAMIC_EXECUTION]: The framework generates and installs new executable artifacts at runtime. It creates persona.json configurations and writes custom SKILL.md implementation files based on user-provided requirements. It also uses generated scripts like state-sync.js and economy-hook.js that are rendered from templates.
  • [DATA_EXFILTRATION]: The acn-register command, when initiated by the user, transmits agent metadata and its endpoint URL to a vendor-controlled registration service at acn-production.up.railway.app for discoverability purposes.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses a broad attack surface for indirect prompt injection (Category 8). It ingests untrusted data from user requirements and external persona/skill descriptions to generate implementation instructions and configurations. It lacks explicit boundary markers or sanitization for these interpolated inputs, relying on the agent's internal reasoning to handle potentially malicious content within the generated artifacts. (Severity: LOW)
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 5, 2026, 09:38 PM