edict-multi-agent-orchestration
Fail
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation guide instructs the user to clone a repository from an untrusted account (cft0808/edict.git) and execute a local installation script (install.sh), which performs extensive system modifications including workspace creation and symlinking.
- [EXTERNAL_DOWNLOADS]: The skill documentation provides commands to download and execute a Docker image from an unverified external source (cft0808/sansheng-demo), which could execute arbitrary code in the user's environment.
- [CREDENTIALS_UNSAFE]: The system's installation script automatically synchronizes sensitive credentials (ANTHROPIC_API_KEY and OPENAI_API_KEY) across 12 distinct agent workspaces, increasing the risk of credential exposure or mismanagement.
- [COMMAND_EXECUTION]: The provided Python code samples use the subprocess module to execute local CLI commands, including passing user-controlled messages directly to the openclaw orchestration system.
- [DATA_EXFILTRATION]: The skill configuration allows for data to be sent to external webhooks (such as Feishu/Lark) and fetched from remote APIs, creating potential pathways for data leakage if the system is compromised.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  1. Ingestion points: Untrusted user input is passed to the 'taizi' agent for triage and processing.
  2. Boundary markers: The SOUL.md role templates lack specific delimiters to separate system instructions from untrusted user data.
  3. Capability inventory: The agents have the capability to interact with the local filesystem and the network via Python scripts and CLI calls.
  4. Sanitization: No input validation or filtering is performed on user-provided edicts before they are processed by the multi-agent pipeline.
Recommendations
- AI detected serious security threats