Nanobot Company System

Warn

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The Post_Dev_Junior role is assigned the run_command tool along with read and write access to the entire workspace/ directory. This configuration allows the agent to execute arbitrary shell commands, which could be abused to compromise the environment if the agent is provided with malicious instructions in a task order.
  • [PROMPT_INJECTION]: The skill's architecture is vulnerable to indirect prompt injection due to its document-based workflow, in which agents ingest content generated by other agents or users.
    * Ingestion points: Agents retrieve instructions and data from Doc_Task_Order and Doc_Work_Report files within the workspace/ directory.
    * Boundary markers: The DOCS_SCHEMA.md templates do not include delimiters or specific instructions to help agents distinguish between system instructions and untrusted data.
    * Capability inventory: The roles defined in POSTS.md have access to powerful tools including run_command, write_file, spawn_worker, and web_search.
    * Sanitization: There is no defined process for validating or sanitizing the content of the Markdown documents before they are processed by the agents.
  • [EXTERNAL_DOWNLOADS]: The Post_Tech_Analyst and Post_Weather_Analyst roles are designed to use the web_search tool to fetch information from the internet. This introduces external, untrusted content into the workspace/ documents, which are subsequently processed by other agents in the pipeline, potentially triggering malicious behaviors through indirect injection.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 24, 2026, 10:05 AM