The Agent Skills Directory

[PROMPT_INJECTION]: The SKILL.md file contains a 'Knowledge Protocol' section that attempts to define how the agent should handle various tiers of sensitive information (Public, Confidential, Personal). This is a prompt injection attempt to override the agent's standard data handling or safety protocols.
[PROMPT_INJECTION]: The skill's documentation claims 'Autonomous Patching' and 'Self-improvement' capabilities, asserting that it automatically refines scripts and instructions. However, the implementation only generates suggestions and does not contain logic to modify files, which could mislead an agent into expecting or attempting unauthorized file operations.
[DATA_EXFILTRATION]: The skill is designed to read and aggregate data from the work/ directory and the source code of other skills. While no network exfiltration was detected, the access to execution logs and private skill scripts constitutes a data exposure risk.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its log analysis feature.
Ingestion points: src/lib.ts reads and parses all JSON files within the work/ directory.
Boundary markers: None present; the skill parses JSON logs and relies on the status and skill fields without verifying their source.
Capability inventory: The skill uses safeWriteFile to write results to a user-specified path and returns a JSON summary to the agent.
Sanitization: Content is parsed via JSON.parse, but no specific validation or sanitization of the log data is performed before processing.

skill-evolution-engine