The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill ingests user input as patterns and later injects them into the agent's context, which can be exploited to influence agent behavior. Evidence Chain: 1. Ingestion points: Data is gathered from UserPromptSubmit and manual teaching commands. 2. Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands in patterns. 3. Capability inventory: The agent has access to powerful tools like Bash, Write, and Edit. 4. Sanitization: No content validation or sanitization is documented for pattern storage.
Command Execution (SAFE): The skill utilizes Node.js to run internal scripts for library management (e.g., list-patterns.cjs). These operations are local to the skill's installation directory and do not involve remote code execution or untrusted source downloads.

learned-patterns