knowledge-intake
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill's primary purpose is to ingest and evaluate external resources such as articles and research papers. This functionality exposes the agent to indirect prompt injection, where instructions hidden in the fetched content could override agent behavior.
  - Ingestion points: Fetches content from user-provided URLs and web searches as described in SKILL.md.
  - Boundary markers: SKILL.md mentions the use of safety checks and prompt injection sanitization, though specific implementation details are handled by external dependencies.
  - Capability inventory: Includes file system writes, subprocess execution via uv, and network communication via the GitHub CLI.
  - Sanitization: Employs scribe:slop-detector and scribe:doc-verify to validate entries before they are finalized in the knowledge corpus.
- [DATA_EXFILTRATION]: The Discussion Promotion module (modules/discussion-promotion.md) automates the transmission of knowledge summaries to GitHub Discussions using the gh CLI. While this is an intended feature for collaboration, it facilitates the export of information from the local knowledge corpus to an external platform.
- [COMMAND_EXECUTION]: The skill invokes various command-line tools to perform its tasks.
  - Uses the gh api graphql command to create and update GitHub Discussions.
  - Executes scripts via uv run python scripts/intake_cli.py for candidate processing.
  - Uses standard shell utilities like ls and cat for managing the processing queue.
- [EXTERNAL_DOWNLOADS]: The skill is built to fetch and parse data from arbitrary external URLs to build its knowledge base, so it routinely interacts with untrusted remote sources.