
autoresearch

Warn

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill programmatically modifies a local training script and executes it using subprocess commands (e.g., uv run train.py). It also utilizes shell commands for version control via git and log analysis through grep and awk. This dynamic execution of agent-generated code is a high-risk pattern that can be exploited to execute arbitrary logic if the modification process is subverted.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates external codebase content into its reasoning loop.
    * Ingestion points: The agent reads the full content of train.py, prepare.py, and README.md (Phase 1.3 and Phase 2.1).
    * Boundary markers: No delimiters or specific instructions are provided to the agent to distinguish codebase content from its own system instructions.
    * Capability inventory: The agent has the ability to write to the filesystem and execute system commands (uv run, git).
    * Sanitization: The skill does not perform any validation, filtering, or escaping of comments or code from the ingested files before processing them.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 18, 2026, 06:13 AM