green-tea-perspective
Fail
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The README.md file instructs users to clone an external GitHub repository (github.com/autogame-17/green-tea-runner.git) and execute a setup script (./setup.sh). Downloading and running unverified shell scripts from third-party sources is a critical security risk that allows arbitrary code execution on the user's system.
- [EXTERNAL_DOWNLOADS]: The skill documentation promotes the installation of multiple external dependencies and components from unverified sources, including GitHub repositories (autogame-17/green-tea-runner, autogame-17/green-tea-persona, evomap/evolver) and packages fetched through the npx package runner. These sources are outside the platform's trusted environment.
- [COMMAND_EXECUTION]: The skill encourages users to run potentially hazardous terminal commands, including git clone and direct shell script execution. These instructions bypass the security controls typically provided by managed package ecosystems.
- [PROMPT_INJECTION]: The SKILL.md file defines strict role-playing constraints (e.g., '不跳出角色做 meta 分析', roughly "do not step out of the role to do meta analysis") that attempt to override the agent's default behavior and force it into a specific persona. While it includes a safety disclaimer, such patterns are often used to bypass core system instructions and safety alignment.
- [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because its primary purpose is to process and analyze untrusted external data (chat logs).
  - Ingestion points: The '分析模式' (Analysis Mode) and '反操控' (Counter-manipulation) workflows in SKILL.md.
  - Boundary markers: Absent. There are no instructions for the agent to treat input data as untrusted or to ignore embedded commands.
  - Capability inventory: While the skill itself is text-based, the recommended 'green-tea-runner' add-on claims to introduce message scheduling and automated interaction capabilities.
  - Sanitization: Absent. No mention of filtering or sanitizing input data exists in the skill's instructions.
Recommendations
- AI detected serious security threats
Audit Metadata