agentic-learning
Fail
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's installation instructions in README.md and the provided install.sh script utilize a pattern of downloading a script from a remote URL and piping it directly to bash. While the source is the author's own repository (FavioVazquez), this remains an execution of remote code.
  - Evidence: README.md and install.sh reference 'https://raw.githubusercontent.com/FavioVazquez/agentic-learn/main/install.sh'.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core functionality of reading and summarizing untrusted files from the user's project workspace.
  - Ingestion points: Several actions in SKILL.md, including 'explain', 'quiz', 'learn', and 'interleave', read various files (README.md, config files, source code) to generate content.
  - Boundary markers: The skill does not define delimiters or specific instructions to ignore embedded prompts within the files being processed.
  - Capability inventory: The skill performs file reading and writing within the local workspace (e.g., creating files in the 'docs/' directory).
  - Sanitization: There is no indication of sanitization or validation of the data ingested from the project files.
- [COMMAND_EXECUTION]: The skill instructs the agent to perform file system operations, primarily writing logs, journals, and documentation to the user's project directory.
  - Evidence: Actions in SKILL.md specify writing to 'docs/revisit.md', 'docs/brainstorm/', 'docs/decisions/', and 'docs/project-knowledge.md'.
- [EXTERNAL_DOWNLOADS]: The installer script (install.sh) downloads the skill contents from GitHub using git clone or curl as part of the setup process.
  - Evidence: Logic within install.sh clones from 'https://github.com/FavioVazquez/agentic-learn'.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/FavioVazquez/agentic-learn/main/install.sh - DO NOT USE without thorough review
Audit Metadata