a-evolve

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
Categories: PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by instructing the agent to ingest untrusted data from run logs, error traces, and experiment outputs to generate new agent instructions or skills.
  • Ingestion points: The agent is directed to read artifacts such as 'artifacts/rc-*/', 'evolve.log', and 'reviews.md' as defined in SKILL.md.
  • Boundary markers: No specific delimiters or safety instructions are provided to help the agent distinguish between the content of the logs and the instructions for the evolution process.
  • Capability inventory: The agent has the capability to write new SKILL.md files (which serve as executable logic) and append content to system prompt configuration files such as 'prompts.default.yaml'.
  • Sanitization: There is no evidence of sanitization or validation of the content extracted from logs before it is incorporated into new skills or prompt patches.
  • [REMOTE_CODE_EXECUTION]: The skill involves the dynamic generation of executable logic in the form of new skill files and prompt addendums based on the analysis of runtime data. Although this occurs via the agent's file-writing capabilities and includes a user-validation step, the creation of self-modifying instruction sets that govern future agent behavior is a form of dynamic script generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 03:59 PM