skills/aresbit/matebot/autoresearch/Gen Agent Trust Hub

autoresearch

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and executes the contents of third-party SKILL.md files and user-provided test inputs during its optimization loop.
      • Ingestion points: Target SKILL.md file, referenced files, and user-supplied test scenarios.
      • Boundary markers: The skill does not implement specific delimiters or safety instructions to prevent the agent from obeying malicious instructions embedded within the target skill's content during evaluation.
      • Capability inventory: The agent has permissions to read/write local files and execute system commands.
      • Sanitization: No input validation or sanitization of the target skill content is performed before processing.
  • [COMMAND_EXECUTION]: The skill uses the open command to automatically launch a generated HTML dashboard in the user's default web browser for monitoring experiment progress.
  • [EXTERNAL_DOWNLOADS]: The generated HTML dashboard includes a script tag to load the Chart.js library from a public CDN for rendering performance charts. This uses a well-known service for legitimate reporting functionality.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 08:58 AM