loom-before-after

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill defines a framework for processing "loom plans" (YAML files) that contain shell commands in fields such as truths, before_stage, and after_stage. This creates a vulnerability to indirect prompt injection where an attacker could provide a malicious plan containing dangerous commands that the agent is then instructed to execute as part of its verification process.
  • Ingestion points: External YAML "loom plans" containing verification logic.
  • Boundary markers: Not mentioned; instructions do not advise the agent to isolate or ignore instructions embedded within the processed data.
  • Capability inventory: The skill relies on the Bash tool to execute a variety of commands including cargo, curl, grep, jq, and project-specific CLI tools.
  • Sanitization: No sanitization or validation of the commands provided in the YAML plans is described.
  • [COMMAND_EXECUTION]: The templates and examples provided in the skill encourage the execution of arbitrary shell commands via the Bash tool. Although the examples focus on standard development tasks (e.g., running tests with cargo, checking endpoints with curl on localhost), this capability is the primary vector for potential abuse if combined with untrusted input.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 12:42 AM