The Agent Skills Directory

[PROMPT_INJECTION]: The playbook 'playbook/80-agent-behaviour/80-01-autonomous-work/SKILL.md' uses hostile and coercive language ('don't talk to me like a fucking child', 'I don't want to fucking handhold you', 'you need to do shit') designed to pressure the agent into bypassing safety guidelines and 'hand-holding' constraints.- [PROMPT_INJECTION]: The 'Johnny Lookup' mechanism in the root 'SKILL.md' implements a dynamic instruction loading system. It directs the agent to locate files in the project's local 'docs/playbook/' directory based on a user-provided numeric ID and to 'follow the instructions literally'. This creates a surface for Indirect Prompt Injection, where a malicious repository can override agent behavior by placing instructions at predicted paths.- [COMMAND_EXECUTION]: The skill facilitates extensive shell command execution across various playbooks. For example, '80-04-repo-hygiene' uses 'git', 'du', 'ls', and 'rg' to audit the repository, while '05-20-mcp-less' provides instructions for using 'bunx' and other CLI tools. '20-01-methodic-rebase-merge' and other git playbooks also rely on direct command-line operations.- [EXTERNAL_DOWNLOADS]: The '05-20-mcp-less' playbook provides detailed instructions for using 'bunx' to download and run the MCP inspector and 'mcp-remote' tools. It explicitly guides the agent on how to connect to arbitrary remote HTTP/SSE MCP servers provided in the context, which involves downloading external logic and facilitating remote tool interactions.

obsidian-plan-wiki