skills/duc01226/easyplatform/learn/Gen Agent Trust Hub

learn

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill is designed to ingest untrusted data (from prompts or files) and inject it into future agent sessions, creating a risk of persistent instruction poisoning.
      • Ingestion points: The skill triggers on keywords like /learn or 'always do' within any processed text (SKILL.md).
      • Boundary markers: There is no evidence of delimiters or 'ignore embedded instructions' warnings when patterns are injected into future contexts.
      • Capability inventory: The skill possesses high-privilege capabilities including Bash, Write, and Edit tools which could be triggered by poisoned patterns.
      • Sanitization: The skill description lacks details on sanitization, validation, or escaping of the user-provided 'patterns' before storage in YAML files.
  • COMMAND_EXECUTION (LOW): The skill references the execution of local JavaScript hooks for its core logic.
      • Technical details mention pattern-learner.cjs and pattern-injector.cjs which are executed during prompt submission and session start. These files are not provided in the skill payload and cannot be audited for safe execution patterns.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:29 PM