perspective-swarm
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): Potential exposure of system metadata through absolute paths. The `references/handoff-payload.schema.json` file includes a `session_path` property described as an 'Absolute path to session directory'. While intended for session management, passing absolute local paths between independent skill components can lead to unintentional disclosure of the host's directory structure to downstream tools.
- [PROMPT_INJECTION] (LOW): Surface for Indirect Prompt Injection. The system ingests an `original_prompt` and reframes it into a `{reframed_challenge}` which is then directly interpolated into five distinct agent persona templates in `references/persona-archetypes.md`.
  - Ingestion Point: `original_prompt` in `references/workflow-state-schema.md`.
  - Boundary Markers: Absent; the persona templates do not use specific delimiters (like XML tags) to isolate the untrusted challenge from the system instructions.
  - Capability Inventory: The agents have the ability to perform web searches and influence the final Stage 3 synthesis.
  - Sanitization: No evidence of filtering or sanitization of the user input before it is used to drive agent behavior.
Audit Metadata