character-profile

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill instructions in SKILL.md and the test script test/test_enhancement.py explicitly run local Python scripts from the scripts/ directory to manage files and run workflows. Although these scripts ship with the skill, they represent a broad capability surface for interacting with the host filesystem.
  • [DYNAMIC_EXECUTION] (MEDIUM): The configuration file config/validation_rules.json contains Python-like expressions in its condition fields, such as age.isdigit() and not (0 <= int(age) <= 150). This strongly suggests that the ConflictDetector agent uses eval() or a similar function to execute these strings at runtime against character data. If inputs such as name or age are maliciously crafted by a user or ingested from a malicious file, this could lead to arbitrary code execution.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection through its file-scanning features.
      • Ingestion points: The LoreBibleManager (referenced in SKILL.md) scans and parses existing markdown files in the 02_LoreBible/Characters/ directory to build an index.
      • Boundary markers: The system has no explicit delimiters or instructions telling the agent to ignore embedded commands within the scanned character profiles.
      • Capability inventory: The skill has filesystem write access (shutil.move), can create directories, and can spawn subprocesses to run other scripts.
      • Sanitization: Nothing in the provided configuration or documentation indicates that data ingested from existing files is validated or sanitized before it influences agent behavior or conflict-detection results.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:21 PM