bggg-skill-taotie

Warn

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill's primary purpose is to ingest and process instructions from external, untrusted 'reference' skills to optimize a 'target' skill. This data is then used to direct a subagent's behavior.
  • Ingestion points: SKILL.md (Phase 1) instructions read the full directory structure and content of external skills.
  • Capability inventory: The skill utilizes Agent, Bash, Write, and Edit tools to execute, test, and modify files.
  • Boundary markers: The instructions include a specific 'Safety Guard' section mandating a check for prompt injection and malicious code before execution.
  • Sanitization: Relies on the agent's own analysis and user confirmation prompts before final file writes or script executions.
  • [DYNAMIC_EXECUTION]: In Phase 4 (Incremental Injection), the skill generates modified versions of existing skills based on 'patterns' extracted from external sources and executes them using the Agent tool to verify improvements. This represents a runtime code modification and execution flow.
  • [COMMAND_EXECUTION]: The skill uses the Bash and Agent tools to run test tasks derived from the skills being analyzed. While the instructions state that unknown scripts are not to be run without confirmation, the automated nature of the comparison process could still trigger malicious commands hidden in the logic of the external skills being compared.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 5, 2026, 01:59 PM