documenting-sessions
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs shell commands by interpolating variables that originate from potentially untrusted sources. For instance, in the 'Update Session' operation, a date is extracted from a file using `grep` and then passed directly into a `git log` command. In the 'Create Session' operation, the session title is used in a `git commit` message. If these variables contain shell metacharacters like semicolons or backticks, it could lead to the execution of arbitrary commands within the agent's environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to how it handles external data.
  - Ingestion points: The skill reads and processes existing documentation files ('Load session file') and retrieves data from the git repository's history ('Scan git commits' for log and diff information).
  - Boundary markers: No delimiters or protective instructions are utilized to separate the ingested data from the skill's operational logic, meaning the agent might treat instructions found within commit messages as authoritative.
  - Capability inventory: The skill possesses capabilities to perform file system writes and execute various `git` commands through subprocesses.
  - Sanitization: There is no evidence of sanitization or filtering applied to the text retrieved from session files or git commit logs before it is incorporated into the session document or used to determine next steps.
Audit Metadata