skills/boshu2/agentops/evolve

evolve

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)

Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill executes arbitrary shell commands defined in the check field of GOALS.yaml (documented in references/goals-schema.md). This mechanism is used to measure 'fitness', but it allows arbitrary code execution if the YAML file is modified by an attacker or sourced from an untrusted repository.
    ◦ Evidence: The GOALS.yaml schema defines check as a "shell command — exit 0 = pass, non-zero = fail".
    ◦ Context: This risk is intrinsic to the skill's purpose of autonomous testing and improvement, but no validation or sandboxing of these commands is apparent.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill implements a 'Work Harvesting' loop (documented in references/compounding.md) in which it reads and executes items from next-work.jsonl; these items are generated from previous agent post-mortem reports.
    ◦ Ingestion points: next-work.jsonl and GOALS.yaml.
    ◦ Boundary markers: None detected; the skill appears to trust the harvested JSONL items as valid work instructions.
    ◦ Capability inventory: Shell execution via GOALS.yaml checks and task execution via /rpi commands.
    ◦ Sanitization: No sanitization or verification of the harvested work items is documented.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 19, 2026, 01:53 PM